Send production.log via rsyslog

Added by Davide Fabrizi about 3 years ago

Hello,

I want to send the log from the production.log file to an external SIEM via rsyslog.

To send this kind of log efficiently, I would like to send all the lines of this pattern as a single event:

Started GET "/admin" for X.X.X.X at 2021-01-04 11:37:31 +0100
Processing by AdminController#index as HTML
Current user: user (id=1)
Rendering admin/index.html.erb within layouts/admin
Rendered admin/index.html.erb within layouts/admin (5.3ms)
Rendering layouts/base.html.erb
Rendered layouts/base.html.erb (11.3ms)
Completed 200 OK in 31ms (Views: 17.7ms | ActiveRecord: 4.2ms)

What is the best rsyslog configuration to send this kind of file?
Is it possible to modify the "template" of this log?
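
One way to group each request block into a single event, as an added example that is not part of the original post: rsyslog's imfile input starts a new message at every line matching `startmsg.regex` and appends the following lines to it. The file path, tag, facility, SIEM host, port and the names `RailsEvent` and `to_siem` are assumptions to be replaced with local values.

```rsyslog
# Added example (not from the original post); path, host, port and names are placeholders.
module(load="imfile")

# Outgoing format: one syslog line per grouped request block.
template(name="RailsEvent" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag%%msg%\n")

# Dedicated ruleset so only this file's events go to the SIEM.
ruleset(name="to_siem") {
    action(type="omfwd"
           target="siem.example.com"      # placeholder SIEM address
           port="514"                     # placeholder port
           protocol="tcp"
           template="RailsEvent")
}

input(type="imfile"
      file="/path/to/log/production.log"  # placeholder path
      tag="rails-production:"
      severity="info"
      facility="local6"
      # A line beginning with "Started <VERB> " opens a new event; every
      # following line up to the next match is appended to the same event.
      startmsg.regex="^Started [A-Z]+ "
      # Emit the pending event after 5 s of silence, so the last request
      # is not held back until another "Started" line arrives.
      readTimeout="5"
      # Replace embedded line feeds with #012 so the grouped block
      # remains a single line on the wire.
      escapeLF="on"
      ruleset="to_siem")
```

Lines written by concurrent requests can interleave in the file, in which case a line from one request is attached to the event opened by another.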