[rsyslog-notify] Forum Thread: Re: Legacy to Modern - (Mode 'edit_last_post')

noreply at adiscon.com noreply at adiscon.com
Fri Sep 18 19:22:56 CEST 2015 

User: mpse 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25932#p25932

Message: 
----------
Thank you Rainer.

[quote="rgerhards":10vl5vvs]Be careful, you need to have an input()
statement to run the file monitor. The legacy statement has no real
equivalent as this is now done via input(). [/quote:10vl5vvs]

Yes. I did add the input() and logs are now being forwarded.

[quote="rgerhards":10vl5vvs]On the control characters I unfortunately do
not know out of my head. [/quote:10vl5vvs]

For the time being, I will still continue to use the legacy syntax. The
same for PrivDropToUser, and PrivDropToGroup. I just could not find the
equivalents.

Other missing pieces manifested themselves when setting up the server. From
the client, I am syslogging certain logs as local7 facility. In the old
format I was able to tell DynaFile to only process local7 logs. There seems
not be a way to do this in the modern script, at least I could not find
any. Examples below explains this:

I am forwarding this from the client - logs belong to the same program:

<snip>
input(type="imfile"
        File="/var/log/sources/stats.log"
        Tag="stats"
        Severity="info"
        Facility="local7")

input(type="imfile"
        File="/var/log/sources/access.log"
        Tag="acc_log"
        Severity="info"
        Facility="local7")
</snip>


At the server:

Legacy:

$ModLoad imrelp # Load the input module ('im') 'relp'
$InputRELPServerRun 20514 # rsyslog relp port
$EscapeControlCharactersOnReceive off
$template DynaFile,"/var/log/dests/%SYSLOGTAG%.log"
local7.* ?DynaFile

Modern:

module(load="imrelp" ruleset="test_rs")
input(type="imrelp" port="20514")
template(name="test_te" type="string"
string="/var/log/dests/%SYSLOGTAG%.log")
ruleset(name="test_rs"){
        action(type="omfile" dynaFile="test_te")
}

The above (modern) example works, i.e. it writes the files to the
directory. However, it writes all facilities as well from the client. I
tried converting to list instead of string for the template type, however,
I couldn't get it to write to files locally. I went through the
documentation couple of times and I just couldn't find working examples
using the modern syntax.

Thanks again, and input is always appreciated.

More information about the rsyslog-notify mailing list