I need to filter rsyslog entries based on the values of their properties and then process them using NiFi. The properties that I am interested in are fromhost-ip, hostname, syslogfacility, timestamp, inputname and app-name. Is it actually possible to get the properties that aren't stored in the body of the Flow File when using a ListenSyslog processor? I am using CentOS 7, if that is important.
The only information NiFi has access to is what is in each message.
The hostname, facility, and timestamp should be part of each message.
I'm not familiar with what inputname and appname are or where they come from.
The sender IP/host should be captured in a flow file attribute already called syslog.sender.
If you are doing a single message per flow file (which is not great for performance) then you can have ListenSyslog parse the messages and it will create flow file attributes:
Look at the "Writes Attributes" section here:
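An added example, not part of the original answer and not NiFi's own code: a minimal Python parser showing which of the asked-about properties travel inside a syslog message (facility via the PRI value, timestamp, hostname, app-name) and which do not (fromhost-ip and inputname are set by the receiving rsyslog instance). The sample lines, the sender address and the `parse_syslog` name are constructed for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<body>.*)$", re.S)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: body
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) (?P<app_name>[^\s:\[]+)(?:\[(?P<procid>\d+)\])?: ?(?P<body>.*)$",
    re.S)

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()

# rsyslog properties that are never carried in the message text itself.
NOT_ON_WIRE = ("fromhost-ip", "inputname")

def parse_syslog(line, sender_ip=None):
    """Return the fields recoverable from one raw syslog line, or None if invalid.

    sender_ip stands in for the peer address a listener reads from the socket
    (what the answer says lands in syslog.sender); inputname has no equivalent.
    """
    m = RFC5424.match(line) or RFC3164.match(line)
    if m is None:
        return None
    f = m.groupdict()
    pri = int(f.pop("pri"))
    if pri > 191:                      # highest valid PRI: facility 23, severity 7
        return None
    f["facility"], f["severity"] = divmod(pri, 8)   # PRI = facility * 8 + severity
    f["facility_name"] = FACILITIES[f["facility"]]
    for key in ("hostname", "app_name", "procid", "msgid"):
        if f.get(key) == "-":          # "-" is the RFC 5424 nil value
            f[key] = None
    f["sender"] = sender_ip
    return f

# Constructed sample messages (for RFC 5424, structured data stays in "body").
SAMPLE_5424 = "<34>1 2023-10-11T22:14:15.003Z web01.example.com sshd 2211 - - Failed password"
SAMPLE_3164 = "<86>Oct 11 22:14:15 web01 sshd[2211]: Accepted publickey for deploy"

if __name__ == "__main__":
    for raw in (SAMPLE_5424, SAMPLE_3164):
        print(parse_syslog(raw, sender_ip="192.0.2.10"))
```
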