[rsyslog-notify] Forum Thread: Re: Rsyslog logging using variables - (Mode 'reply')
noreply at adiscon.com
Fri Sep 18 23:08:02 CEST 2015
User: Jzeolla
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25935#p25935
Message:
----------
I seem to not be able to edit my prior message, but I was able to get it to
parse properly with the new config. Below is the latest:
[code]
# Set template(s)
template(name="facilityfiles" type="string"
         string="/var/log/%syslogfacility-text%.log")

# Log all syslog remotely over TCP
@@log.example.com:514

# Write auth and authpriv logs to auth.log
auth,authpriv.* {
    /var/log/auth.log
    stop
}

# Write everything going to local4 to /var/log/messages
local4.* /var/log/messages

# Ignore everything going to local2, but still send it remotely
local2.* stop

# Write everything other than local2 and auth,authpriv to the catchall syslog file
*.* /var/log/syslog

# Write messages to /var/log/messages
if ($syslogseverity-text == ["info", "notice", "warn"] and not
    $syslogfacility-text == ["auth", "authpriv", "cron", "daemon", "mail",
    "news"]) then /var/log/messages

# Write cron,user,uucp to their respective .log files and sync after each message
if $syslogfacility-text == ["cron", "user", "uucp"] then
    ?facilityfiles

# Write daemon,kern,lpr,mail to their respective .log files and do not sync after each message
if $syslogfacility-text == ["daemon", "kern", "lpr", "mail"] then
    -?facilityfiles

# Write mail to separate logs depending on the severity level and do not sync after each message
if ($syslogfacility-text == "mail" and $syslogseverity < 7 ) then
    -/var/log/mail.info
if ($syslogfacility-text == "mail" and $syslogseverity < 5 ) then
    -/var/log/mail.warn
if ($syslogfacility-text == "mail" and $syslogseverity < 3 ) then
    -/var/log/mail.crit

# Write news to separate logs depending on the severity level and set the user to "news"
if ($syslogfacility-text == "news" and $syslogseverity < 7) then
    action(type="omfile" file="/var/log/news/news.crit" sync="on"
           dirCreateMode="0755" dirOwner="news" dirGroup="adm" fileOwner="news"
           fileGroup="adm" fileCreateMode="0640")
if ($syslogfacility-text == "news" and $syslogseverity < 6) then
    action(type="omfile" file="/var/log/news/news.notice" sync="on"
           dirCreateMode="0755" dirOwner="news" dirGroup="adm" fileOwner="news"
           fileGroup="adm" fileCreateMode="0640")
if ($syslogfacility-text == "news" and $syslogseverity < 4) then
    action(type="omfile" file="/var/log/news/news.err" sync="on"
           dirCreateMode="0755" dirOwner="news" dirGroup="adm" fileOwner="news"
           fileGroup="adm" fileCreateMode="0640")

# Write debug messages and do not sync after each message
if ($syslogseverity-text == "debug" and not $syslogfacility-text ==
    ["auth", "authpriv", "news", "mail"]) then -/var/log/debug

# Write messages of emergency severity to the console
*.emerg -/dev/console
[/code]