Barry, my plumber, was asking me how he could send some logs to Sematext from his script.
I told him he could probably install rsyslog or syslog-ng and send some logs.
Also, I made him this 'rlogger' script, similar to the logger command, but it sends to Sematext. You can get a free account w/ 7-day retention. Another option is Humio, which also has a free community account with 7-day retention. Could also tweak it to send to Splunk HEC.
Posting in case someone had the same question as Barry.

#!/bin/sh
PROGNAME=$0

usage() {
    cat << EOF >&2
Usage: ${PROGNAME} [-s] [-t TAG] [-p PRIO] [MESSAGE]
Send MESSAGE (or the output of uptime when no MESSAGE is given) to Sematext
  -s       ignored
  -t TAG   Log using the specified tag (defaults to user name)
  -p PRIO  Priority (numeric or facility.level pair, defaults to user.notice)
EOF
    exit 1
}

# Defaults; USER is not always set in a minimal shell, so fall back to id.
sflag=0
verbose_level=0
tag="${USER:-$(id -un)}"
priority="user.notice"

while getopts st:p:v o; do
    case $o in
        (s) sflag=1;;
        (t) tag=$OPTARG;;
        (p) priority=$OPTARG;;
        (v) verbose_level=$((verbose_level + 1));;
        (*) usage
    esac
done
shift "$((OPTIND - 1))"

if [ $# -eq 0 ]
then
    # No message given: send the default message
    MESSAGE=$(uptime)
    MYTAG=base
else
    # Join all remaining arguments into one message
    MESSAGE="$*"
    MYTAG=$tag
fi

# HOSTNAME is not exported by every /bin/sh, so fall back to uname.
MYHOST=${HOSTNAME:-$(uname -n)}
# The token grants write access to the logs app; keep this file readable by its owner only.
YOUR_TOKEN_HERE="replace-with-our-token"
SITE="https://logsene-receiver.sematext.com"
NOW=$(date "+%Y-%m-%dT%H:%M:%S%z")

# The fields are interpolated as-is: a double quote, backslash or newline
# in MESSAGE or the tag produces invalid JSON.
MYDATA="{ \"@timestamp\": \"$NOW\", \"host\": \"$MYHOST\", \"source\": \"openwrt\", \"tag\": \"$MYTAG\", \"priority\": \"$priority\", \"message\": \"$MESSAGE\" }"
#echo $MYDATA

# Post the document as JSON; output is discarded.
curl -s -o /dev/null -XPOST "$SITE/$YOUR_TOKEN_HERE/_doc/" -H "Content-Type: application/json" -d "${MYDATA}"
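
The script's MYDATA line places $MESSAGE and $tag inside JSON strings unescaped, so a double quote or newline in a log line breaks the document or adds fields to it. The following is an added example (not part of the original post) of an escaping helper for the same payload; it assumes awk is present on the device, and `json_escape` and `build_payload` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the post's code. Assumes a POSIX sh and awk.

# Escape one string so it can sit between double quotes in a JSON document.
json_escape() {
    printf '%s' "$1" | awk '
        BEGIN {
            ORS = ""
            # Map each control character to its code point for \u00XX output.
            for (i = 1; i < 32; i++) ctrl[sprintf("%c", i)] = i
        }
        {
            if (NR > 1) print "\\n"    # awk split the input on newlines
            n = length($0)
            for (i = 1; i <= n; i++) {
                c = substr($0, i, 1)
                if (c == "\\")      print "\\\\"
                else if (c == "\"") print "\\\""
                else if (c == "\t") print "\\t"
                else if (c == "\r") print "\\r"
                else if (c in ctrl) print "\\u" sprintf("%04x", ctrl[c])
                else                print c
            }
        }'
}

# Arguments: timestamp host tag priority message (same fields as MYDATA).
build_payload() {
    printf '{ "@timestamp": "%s", "host": "%s", "source": "openwrt", "tag": "%s", "priority": "%s", "message": "%s" }' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
        "$(json_escape "$4")" "$(json_escape "$5")"
}

# Constructed input: a message that closes the string and adds its own field.
build_payload "2024-01-01T00:00:00+0000" "router1" "demo" "user.notice" \
    'disk "sda" failed", "priority": "kern.emerg'
echo
```

The result of `build_payload` can be passed to curl with `-d` in place of `${MYDATA}`.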