On 2007-09-06, Rainer Gerhards <[EMAIL PROTECTED]> wrote:
>
> http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html
>
> I would deeply appreciate any feedback on the samples and format
> suggestions.

/me thinks you're getting way too little feedback on the blog, 
or this list. Unfortunately I don't have much more than simple
preference to contribute here..

XML-based format: 

        Yikes, you'll need an additional human readable frontend
        format that's converted to XML for it to be usable. You
        can't expect us poor sysadmins to be editing XML
        directly to configure rsyslogd.. 

syslog-ng like:
        
        Fair enough.. It works for my usage.

Metalog like:

        No experience..

Apache like:

        Not sure I understand this.. Seems like a mix of option/value
        and xml'ish for some functionality.

Programming like..:

        Of the samples in the wiki, I most prefer the BASIC-like. It 
        resembles python to me, and also "mon"'s config format. Very
        readable. http://mon.wiki.kernel.org/index.php/Mon_Manual

        The c-like with functions seems too complex:

                if1:
                {
                    if(%severity < "debug" && lower(substr(%msg, 5, 3)) != "err")
                }

                action1()
                {
                   action(type=filewrite, file="/var/log/mail.log")
                }

                rule1()
                {
                   if1()
                   action1()
                   action(type=filewrite, file="/var/log/messages.log")
                }

                rule(if1,action1)
                ruleset(rule1, rule(if1, action(type=filewrite, file="/var/log/messages.log")))
                rule(action1(),input="$all")
                input(type=udp, bind="127.0.0.1")

        I can't parse this..  Does rule1() break out if if1() is false?
        Then I guess writes to /var/log/messages.log won't happen if
        action1 for some reason failed? Contrast it to mon's config
        translated to syslogging:

                # Define some groups of servers:
                hostgroup mailservers server1 server2 server3
                hostgroup webservers server4 server5
        
                watch mailservers
                        severity > debug
                                SUBMSG = lower(substr(%msg, 5, 3))
                                SUBMSG != "err"
                                        logwrite /var/log/mail.log
                                        logwrite /var/log/messages.log
                                SUBMSG == "err"
                                        logwrite /var/log/err.log

                watch webservers
                        programname == httpd
                                severity == crit
                                        cmd wall "httpd critical: $msg"
                                        logwrite /var/log/crit.log
                                severity < crit
                                        logwrite /var/log/httpd.log
                        
                        
        Each indentation means it's depending on the previous
        statement being true. You might need to be drinking the python
        Kool-Aid to see the beauty :-)


  -jf

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
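
The indentation rule described in the post ("each indentation means it's depending on the previous statement being true"), worked through as an added example. It is not code from the post, from mon, or from rsyslog. The config syntax is the hypothetical one sketched in the post, and the function names, the message fields and the severity ordering are assumptions.

```python
import operator

# Assumption: severities rank by importance (debug lowest), as the post's
# "severity > debug" implies; syslog's numeric codes run the other way.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt, ">": operator.gt}

# Constructed sample in the indentation style sketched in the post.
SAMPLE = """\
hostgroup webservers server4 server5
watch webservers
    programname == httpd
        severity == crit
            logwrite /var/log/crit.log
        severity < crit
            logwrite /var/log/httpd.log
    severity > debug
        logwrite /var/log/messages.log
"""

def holds(stmt, msg, groups):
    """True if a watch line or a 'field op value' condition matches msg."""
    if stmt.startswith("watch "):
        return msg["host"] in groups.get(stmt.split()[1], ())
    field, op, value = stmt.split()           # malformed lines raise, not pass
    left = msg[field]
    if field == "severity":                   # compare ranks, not strings
        left, value = SEVERITIES.index(left), SEVERITIES.index(value)
    return OPS[op](left, value)

def actions(config, msg):
    """Return the actions whose enclosing statements are all true for msg."""
    out, groups, skip = [], {}, None          # skip: indent of a false statement
    for raw in config.splitlines():
        stmt = raw.strip()
        if not stmt or stmt.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if skip is not None and indent > skip:
            continue                          # nested under a false statement
        skip = None                           # dedent ends the skipped block
        words = stmt.split()
        if words[0] == "hostgroup":
            groups[words[1]] = set(words[2:])
        elif words[0] in ("logwrite", "cmd"):
            out.append(stmt)                  # collected only, never executed
        elif not holds(stmt, msg, groups):
            skip = indent
    return out
```

A false condition only suppresses the lines indented beneath it, so the sibling `severity > debug` branch still writes to messages.log when the `programname` test fails.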
