[rsyslog] rsyslog 5.8.10 and if then action

Fri, 17 May 2013 01:22:23 -0700 

Hello Rainer,
I'm using on RHEL 6.4 the supported rsyslog 5.8.10 version.
My environment is :
-)2 client rsyslog (A and B) that send application logs to 1 server (C) where is a centralized rsyslog server 
-)each client, tag each file, before send them to server C
-)server C receive and split to the same log file name using filter based on hostname, facility, tag, -)server C should create directory based on %HOSTNAME% permission and owner file based of some criteria 


ES: client A send "test1" file with messages tagged as "test1" 
---->server C receives message from client A and write to /clientA/test1.log


Reading your doc it should be simple but something doesn't work.
Could you please explain what is wrong in the following configuration?

I'll attach the two configurations:

*_ClientA:_**_
_*# add module to load external file
$ModLoad imfile

$InputFileName /appl/logs/test1.log
$InputFileTag test1
$InputFileStateFile file1
$InputFileSeverity debug
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePersistStateInterval 1000

$InputFileName /appl/logs/test2.log
$InputFileTag test2
$InputFileStateFile file2
$InputFileSeverity debug
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePersistStateInterval 1000

local6.*   @@10.10.1.10:10514


_*ServerC:*_
#### MODULES ####


$ModLoad imuxsock # provides support for local system logging (e.g. via 
logger command)
$ModLoad imklog   # provides kernel logging support (previously done by 
rklogd)


# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 10514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat


# File syncing capability is disabled by default. This feature is 
usually not required,

# not useful and an extreme performance hit
$ActionFileEnableSync off

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

##### working statements ######

if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and 
$syslogseverity-text == 'debug' and $syslogtag == 'test1' then 
/rsyslog-data/app01/test1.log
if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and 
$syslogseverity-text == 'debug' and $syslogtag == 'test2' then 
/rsyslog-data/app01/test2.log

########################



### if I substitute previous lines with following statement, rsyslog  
doesn't log and no error messages on /var/log/messages #####



if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and 
$syslogseverity-text == 'debug' and $syslogtag == 'test1' then 
action(type="omfile" DirCreateMode="0700" FileCreateMode="0644" 
FileOwner="robert" FileGroup="users" File="/rsyslog-data/app01/test1.log")



if $fromhost-ip == '10.10.1.10' and $syslogfacility-text == 'local6' and 
$syslogseverity-text == 'debug' and $syslogtag == 'test2' then 
action(type="omfile" DirCreateMode="0700" FileCreateMode="0644" 
FileOwner="alex" FileGroup="users" File="/rsyslog-data/app01/test2.log")


###########################

My scope is to customize user permissions for each file based on syslogtag
Could you please help me?

I don't know which modules are built-in on rsyslog 5.8.10 on rhel 6.4
The module dir installed on ServerC are only :

-rwxr-xr-x. 1 root root  15448 Jan  9 17:47 imfile.so
-rwxr-xr-x. 1 root root  27232 Jan  9 17:47 imklog.so
-rwxr-xr-x. 1 root root   6480 Jan  9 17:47 immark.so
-rwxr-xr-x. 1 root root  10800 Jan  9 17:47 impstats.so
-rwxr-xr-x. 1 root root  19304 Jan  9 17:47 imptcp.so
-rwxr-xr-x. 1 root root  11088 Jan  9 17:47 imtcp.so
-rwxr-xr-x. 1 root root  15224 Jan  9 17:47 imudp.so
-rwxr-xr-x. 1 root root 340568 Jan  9 17:47 imuxsock.so
-rwxr-xr-x. 1 root root  26984 Jan  9 17:47 lmnet.so
-rwxr-xr-x. 1 root root  20144 Jan  9 17:47 lmnetstrms.so
-rwxr-xr-x. 1 root root  32208 Jan  9 17:47 lmnsd_gtls.so
-rwxr-xr-x. 1 root root  24336 Jan  9 17:47 lmnsd_ptcp.so
-rwxr-xr-x. 1 root root   6144 Jan  9 17:47 lmregexp.so
-rwxr-xr-x. 1 root root  20320 Jan  9 17:47 lmstrmsrv.so
-rwxr-xr-x. 1 root root  10240 Jan  9 17:47 lmtcpclt.so
-rwxr-xr-x. 1 root root  24848 Jan  9 17:47 lmtcpsrv.so
-rwxr-xr-x. 1 root root   6144 Jan  9 17:47 lmzlibw.so
-rwxr-xr-x. 1 root root  14800 Jan  9 17:47 ommail.so
-rwxr-xr-x. 1 root root  10248 Jan  9 17:47 omprog.so
-rwxr-xr-x. 1 root root  10400 Jan  9 17:47 omruleset.so
-rwxr-xr-x. 1 root root  10240 Jan  9 17:47 omtesting.so
-rwxr-xr-x. 1 root root  10592 Jan  9 17:47 omuxsock.so
-rwxr-xr-x. 1 root root  10800 Jan  9 17:47 pmlastmsg.so


Unfortunately I can't install from source the last rsyslog version 
available :-(


Regards,
Roberto.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.






















					Reply via email to