So, there is no need to write to a log file.
Is this possible please?
Or my question in an alternative way:
can telegraf parses syslog outputs without it writing to a file firstly?
Not in 1.6, however there is work to add this underway. If you are feeling adventurous you can check the features/rfc5424-parser branch.
We’ve been using this parser to store syslog into influxdb for our internal testing.
Here is how we configured rsyslog and telegraf’s socket_listener:
https://github.com/influxdata/telegraf/blob/feature/rfc5424-parser/plugins/parsers/syslog/README.md
Currently, this branch only works with syslog over UDP, but, we are working towards supporting TCP framing here: RFC 5425 by leodido · Pull Request #9 · influxdata/go-syslog · GitHub
Hi Daniel and Chris,
Thanks a lot for the advice. I shall try what Chris suggested. BTW, my version is 1.5.2
With best regards
Hi Daniel,
I have tried version 1.6.1 and had:
telegraf --config ~/telegraf/telegraf.conf
2018/04/27 10:33:48 E! Error parsing /home/jwang/telegraf/telegraf.conf, Invalid data format: syslog
[jwang@thw-dv-lamp-01 ~]$ telegraf version
Telegraf v1.6.1 (git: release-1.6 bf0ab27f)
Please advise
Thanks
The syslog work is still only on the development branch features/rfc5424-parser, if you would like to test it out right now you will need to build this branch from source. I expect it will be added to the master branch within a few weeks and then it will be available in the nightly builds, and I expect it to be included in the 1.7.0 release.
