[rsyslog-notify] Forum Thread: Rsyslog logging using variables - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Wed Sep 16 13:49:36 CEST 2015


User: Jzeolla 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25919#p25919

Message: 
----------
Here is a snippet from my 50-default.conf - I was just wondering if I could
get a sanity check for my method, or if there is a better way to do this
same thing (perhaps with templates?).  The intent is to send everything
remotely, but also log some things locally.  Also, I wasn't able to find
documentation about whether or not I can use single quotes for variables
(such as in $!permissions!default).  

[code:3vh75x6p]set $!filter!auth="($syslogfacility-text == [auth,authpriv])";
set $!filter!ignore_this="($syslogfacility-text == local2)";
set $!filter!syslog="(not ($!filter!auth and $!filter!ignore_this))";
set $!filter!cron="($syslogfacility-text == cron and not $!filter!ignore_this)";
set $!filter!daemon="($syslogfacility-text == daemon and not $!filter!ignore_this)";
set $!filter!kern="($syslogfacility-text == kern and not $!filter!ignore_this)";
set $!filter!news="($syslogfacility-text == mail and not $!filter!ignore_this)";
set $!filter!at_least_info="($syslogseverity < 7)";
set $!filter!at_least_crit="($syslogseverity < 3)";

# Set all of the unique permission sets
set $!permissions!default='dirCreateMode="0755" dirOwner="root" dirGroup="root" fileOwner="root" fileGroup="adm" fileCreateMode="0640"'
set $!permissions!news='dirCreateMode="0755" dirOwner="news" dirGroup="adm" fileOwner="news" fileGroup="adm" fileCreateMode="0640"'

# Log all syslog remotely over TCP
@@syslog.example.com:1514

if $!filter!ignore_this then {
        stop
}
if $!filter!auth then {
        action(type="omfile" File="/var/log/auth.log" sync="off"
               $!permissions!default)
}
if $!filter!syslog then {
        action(type="omfile" File="/var/log/syslog" sync="on"
               $!permissions!default)
}
if $!filter!cron then {
        action(type="omfile" File="/var/log/cron.log" sync="off"
               $!permissions!default)
}
if $!filter!daemon then {
        action(type="omfile" File="/var/log/daemon.log" sync="on"
               $!permissions!default)
}
if $!filter!kern then {
        action(type="omfile" File="/var/log/kern.log" sync="on"
               $!permissions!default)
}
if $!filter!mail and $!filter!at_least_info then {
        action(type="omfile" File="/var/log/$syslogfacility-text.info" sync="on"
               $!permissions!default)
}
if $!filter!news and $!filter!at_least_crit then {
        action(type="omfile" File="/var/log/news/news.crit" sync="off"
               $!permissions!news)
}
[/code:3vh75x6p]

Thanks.
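
The same intent (forward everything, keep selected facilities locally with fixed ownership and modes) written with conditions placed directly in `if` and permissions given as omfile parameters, as an added example that is not part of the original post. rsyslog stores a `set` value as a string and does not evaluate it as a filter or splice it into `action()` parameters, so the example uses omfile module defaults, per-action overrides and a `dynaFile` template instead. Assumptions: no other config file has already set omfile module parameters, the news facility was intended for `news.crit`, and the template name `FacilityInfoFile` is made up for this example.

```conf
# Added example, not the poster's configuration.
# Default ownership and modes for every omfile action in this config.
# Assumption: omfile module parameters are not already set elsewhere.
module(load="builtin:omfile"
       dirCreateMode="0755" dirOwner="root" dirGroup="root"
       fileOwner="root" fileGroup="adm" fileCreateMode="0640")

# File name built per message from a property (needs dynaFile, not file).
# The template name is hypothetical.
template(name="FacilityInfoFile" type="string"
         string="/var/log/%syslogfacility-text%.info")

# Forward everything over TCP before any local filtering.
action(type="omfwd" target="syslog.example.com" port="1514" protocol="tcp")

# local2 is forwarded above but never written locally.
if $syslogfacility-text == "local2" then {
        stop
}

if $syslogfacility-text == "auth" or $syslogfacility-text == "authpriv" then {
        action(type="omfile" file="/var/log/auth.log" sync="off")
}
if $syslogfacility-text == "cron" then {
        action(type="omfile" file="/var/log/cron.log" sync="off")
}
# Severity 6 (info) or more severe; lower numbers are more severe.
if $syslogfacility-text == "mail" and $syslogseverity <= 6 then {
        action(type="omfile" dynaFile="FacilityInfoFile" sync="on")
}
# Assumption: the news facility was intended. Per-action parameters
# override the module defaults for this one file.
if $syslogfacility-text == "news" and $syslogseverity <= 2 then {
        action(type="omfile" file="/var/log/news/news.crit" sync="off"
               dirOwner="news" dirGroup="adm" fileOwner="news" fileGroup="adm")
}
```

Running `rsyslogd -N1` against the edited configuration checks the syntax without starting the daemon.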

