
Convert rsyslog message format when forwarding messages with structured-data


My daemon uses the libc syslog() call, which logs messages in the RSYSLOG_TraditionalFileFormat format. The rsyslogd daemon running on the same host needs to forward all these messages to a remote log collector in the RSYSLOG_SyslogProtocol23Format format.

Now I want to "piggyback" %STRUCTURED-DATA% onto the RSYSLOG_TraditionalFileFormat format (basically, when my daemon calls syslog(), it will specify structured data in square brackets). How can I specify the incoming log message format (or template) in rsyslog.conf so that it understands structured-data?

I understand that one of the solutions would be for my daemon to send messages directly to /dev/log and to change the default log message format in rsyslog.conf. However, this does not seem right, because I want to keep the local log format the same.


Solution

  • It seems that it is impossible to solve this in an elegant way, because the libc syslog() call uses the /dev/log UNIX domain socket.

    And rsyslog 8.8 and older use a hardcoded message parser for messages received over a UNIX domain socket. See the usespecialparser setting (http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html).

    Another option to get this to work with the latest Ubuntu 15.04, which ships with rsyslog 7.4, would be to use a UDP socket, but then I can't use libc syslog() anymore.
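
The UDP route mentioned in the answer, as an added example that is not part of the original answer: without libc syslog(), the daemon has to build the RFC 5424 frame itself, including escaping `"`, `\` and `]` in structured-data values so that a logged value cannot close the element early. Assumptions: rsyslog listens via imudp on 127.0.0.1:514; the function names, the SD-ID `origin@32473` and all field values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
/* Escape '"', '\' and ']' in an SD-PARAM value (RFC 5424 6.3.3); -1 if it does not fit. */
static int sd_escape(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (; *in; in++) {
        if (n + 3 > cap) return -1;      /* need room for '\', the char and NUL */
        if (*in == '"' || *in == '\\' || *in == ']') out[n++] = '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    return 0;
}

/* "<PRI>1 TIMESTAMP HOST APP PROCID - [SD-ID name="value"] MSG"; returns length or -1. */
int rfc5424_format(char *buf, size_t cap, int pri, const char *ts, const char *host,
                   const char *app, long pid, const char *sd_id,
                   const char *name, const char *value, const char *msg)
{
    char esc[256];
    if (sd_escape(value, esc, sizeof esc) != 0) return -1;
    int n = snprintf(buf, cap, "<%d>1 %s %s %s %ld - [%s %s=\"%s\"] %s",
                     pri, ts, host, app, pid, sd_id, name, esc, msg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Send one frame as a single UDP datagram; returns 0 on success. */
int udp_send(const char *ip, int port, const char *frame, size_t len)
{
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (inet_pton(AF_INET, ip, &dst.sin_addr) != 1) return -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t r = sendto(fd, frame, len, 0, (struct sockaddr *)&dst, sizeof dst);
    close(fd);
    return r == (ssize_t)len ? 0 : -1;
}

int main(void)
{
    char frame[1024];  /* all values below are constructed samples */
    int n = rfc5424_format(frame, sizeof frame, 134, "2015-05-01T12:00:00Z", "myhost",
                           "mydaemon", 4242, "origin@32473", "user", "a\"b]c", "login ok");
    return n < 0 ? 1 : udp_send("127.0.0.1", 514, frame, (size_t)n) != 0;
}
```

PRI 134 is facility local0 (16 × 8) plus severity info (6).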