On Fri, 2016-11-18 at 13:49 +0000, Leandro do Nascimento Bernardo
wrote:
>
> Hello guys, I have a doubt regarding the exim log format. You can
> change
> the date to timestamp log? Or include a timestamp? Today my date is
> as
> follows: YYYY-MM-DD HH: MM: SS but to send to the elasticsearch this
> field
> would need to be unique, something like YYYY-MM-DDTHH: MM: SS, you
> know if
> it is possible?
>
> Regards
I recommend sending your Exim logs through say rsyslog and then using
that to send to ES. You can pre-process the logs to get whatever
datstamp format you want.
If you use RELP or TCP to ship the logs you get local buffering for
free. If you use UDP to ship then that is just spraying logs out into
the unknown
Cheers
Jon
Blueloop Ltd
01460 271055
https://www.blueloop.net
Blueloop House, Ilchester Road, YEOVIL, BA21 3AA Registered England & Wales - 3981322