[rsyslog-notify] Forum Thread: Re: Rsyslog logging using variables - (Mode 'edit_last_post')
noreply at adiscon.com
Thu Sep 17 14:44:55 CEST 2015
User: Jzeolla
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25923#p25923
Message:
----------
My goal is to model how syslog-ng does client configs which is to set your
sources, destinations, filters, and then set the actual logging event using
those groupings. Below is what the previous rsyslog config was modeled
after in syslog-ng land (if you read through it, it's rather intuitive). I
would like to replicate the configuration in a way where the settings are
all defined at the top of my script (similar to filters) and then have a
section where I include those settings and take an action on them (similar
to the log event in syslog-ng).
Thanks for the info - I removed the $!permissions from my last script for
now and instead just placed the values in each action, but I would prefer
to do something similar with templates.
[code:37zd3fq9]
######
# sources
# all known message sources
source s_all {
    # message generated by Syslog-NG
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel
    file("/proc/kmsg" program_override("kernel: "));
};
######
# destinations
destination df_auth { file("/var/log/auth.log"); };
destination df_syslog { file("/var/log/syslog"); };
destination df_cron { file("/var/log/cron.log"); };
destination df_daemon { file("/var/log/daemon.log"); };
destination df_kern { file("/var/log/kern.log"); };
destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
destination dr_all { tcp("syslog.example.com"); };
######
# filters
filter f_auth { facility(auth, authpriv); };
filter f_ignore_this { not facility(local2); };
filter f_syslog { not (filter(f_auth) and filter(f_ignore_this)); };
filter f_cron { facility(cron) and filter(f_ignore_this); };
filter f_daemon { facility(daemon) and filter(f_ignore_this); };
filter f_kern { facility(kern) and filter(f_ignore_this); };
filter f_mail { facility(mail) and filter(f_ignore_this); };
filter f_news { facility(news) and filter(f_ignore_this); };
filter f_at_least_info { level(info..emerg); };
filter f_at_least_crit { level(crit..emerg); };
######
# logging events
# Send all logs remotely
log {
    source(s_all);
    destination(dr_all);
};
# Send specific logs to local files
log {
    source(s_all);
    filter(f_auth);
    destination(df_auth);
};
log {
    source(s_all);
    filter(f_syslog);
    destination(df_syslog);
};
log {
    source(s_all);
    filter(f_cron);
    destination(df_cron);
};
log {
    source(s_all);
    filter(f_daemon);
    destination(df_daemon);
};
log {
    source(s_all);
    filter(f_kern);
    destination(df_kern);
};
log {
    source(s_all);
    filter(f_mail);
    filter(f_at_least_info);
    destination(df_facility_dot_info);
};
log {
    source(s_all);
    filter(f_news);
    filter(f_at_least_crit);
    destination(df_news_dot_crit);
};
[/code:37zd3fq9]