[rsyslog-notify] Forum Thread: Re: Rsyslog logging using variables - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Sep 17 14:39:41 CEST 2015


User: Jzeolla 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25923#p25923

Message: 
----------
My goal is to model how syslog-ng does client configs, which is to set your
sources, destinations, filters, and then set the actual logging event using
those groupings. Below is what the previous rsyslog config was modeled
after in syslog-ng land (if you read through it, it's rather intuitive). I
would like to replicate the configuration in a way where the settings are
all defined at the top of my script (similar to filters) and then have a
section where I include those settings below and take an action on them
(similar to the log event in syslog-ng).

[code:37zd3fq9]
######
# sources

# all known message sources
source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the
        # syslog() function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" program_override("kernel: "));
};


######
# destinations

destination df_auth { file("/var/log/auth.log"); };
destination df_syslog { file("/var/log/syslog"); };
destination df_cron { file("/var/log/cron.log"); };
destination df_daemon { file("/var/log/daemon.log"); };
destination df_kern { file("/var/log/kern.log"); };
destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
destination dr_all { tcp("syslog.example.com"); };

######
# filters

filter f_auth { facility(auth, authpriv); };
filter f_ignore_this { not facility(local2); };
filter f_syslog { not (filter(f_auth) and filter(f_ignore_this)); };
filter f_cron { facility(cron) and not filter(f_ignore_this); };
filter f_daemon { facility(daemon) and not filter(f_ignore_this); };
filter f_kern { facility(kern) and not filter(f_ignore_this); };
filter f_mail { facility(mail) and not filter(f_ignore_this); };
filter f_news { facility(news) and not filter(f_ignore_this); };
filter f_at_least_info { level(info..emerg); };
filter f_at_least_crit { level(crit..emerg); };

######
# logs

log {
        source(s_all);
        destination(dr_all);
};
log {
        source(s_all);
        filter(f_auth);
        destination(df_auth);
};
log {
        source(s_all);
        filter(f_syslog);
        destination(df_syslog);
};
log {
        source(s_all);
        filter(f_cron);
        destination(df_cron);
};
log {
        source(s_all);
        filter(f_daemon);
        destination(df_daemon);
};
log {
        source(s_all);
        filter(f_kern);
        destination(df_kern);
};
log {
        source(s_all);
        filter(f_mail);
        filter(f_at_least_info);
        destination(df_facility_dot_info);
};
log {
        source(s_all);
        filter(f_news);
        filter(f_at_least_crit);
        destination(df_news_dot_crit);
};
[/code:37zd3fq9]

