1

I'm using rsyslog to send logs to elasticsearch. It all works well in my local environment, but now I'm trying to make it more generic and inject environment variables where needed.

As part of my rsyslog.conf is this omelasticsearch action:

action(
    type="omelasticsearch"
    server=<somehow use $ES_HOST here>
    template="haproxy"
    bulkmode="on"
    searchIndex="haproxy-index"
    dynSearchIndex="on"
    usehttps="on"
    asyncrepl="on"
    uid=<somehow use $ES_USER here>
    pwd=<somehow use $ES_PASSWORD here>
)

I tried using getenv() and setting variables, but I couldn't find a way to inject said variable into the parameters of my action.

Did I miss something simple, or is that just not doable?

aspyct
  • 340
  • 6
  • 19

2 Answers2

1

Turns out you can shell out from the config file by using backticks.

action(
    type="omelasticsearch"
    server=`echo $ES_HOST`
    template="haproxy"
    bulkmode="on"
    searchIndex="haproxy-index"
    dynSearchIndex="on"
    usehttps="on"
    uid=`echo $ES_USER`
    pwd=`echo $ES_PASSWORD`
)
aspyct
  • 340
  • 6
  • 19
0

you can also use this technique in the rsyslog template to pass properties to your elasticsearch index with environment variable values like this

template(name="logfile" type="list") {
   constant(value="{")

   constant(value="\"@timestamp\":\"")     
   property(name="timegenerated" dateFormat="rfc3339")
   constant(value="\", ")
   
   constant(value="\"pod_namespace\":\"")     
   constant(value=`echo $KUB_POD_NAMESPACE`)
   constant(value="\", ")
   
   constant(value="\"pod_name\":\"")     
   constant(value=`echo $KUB_POD_NAME`)
   constant(value="\", ")
   
   constant(value="\"pod_ip\":\"")     
   constant(value=`echo $KUB_INSTANCE_ADDR`)
   constant(value="\", ")
   
   property(name="$!all-json" position.from="2")
}
Datum Geek
  • 146
  • 4