Re: [rsyslog] hostname-specific IncludeConfig statements?

Tue, 19 Aug 2014 06:54:30 -0700 


On Tue, Aug 19, 2014, at 01:49 AM, Rainer Gerhards wrote:
> To me, it sounds like you would like to do a lookup on a hostname and
> select a set of rules for execution based on the lookup result.

I want to centrally define & administer a set of rsyslog rules, share them, and 
have only the rules 'allowed' for a specific host to be executed

> You cannot do this either (we are open for sponsorship and patches ;)), but
> you can do
> 
> if $hostname == "host1" then {
>  ...
> } else if $hostname == "host2" then {
> ...
> }

As an example, since I don't want to create arbitrary/useless paths (and 
CreatePath doesn't seem to work, anyway), I want to have a bind9 logging rule 
executed ONLY on machines where the Socket already exists, or should exist.

This works, logging as intended

        cat /etc/rsyslog.d/bind9.conf
                input(type="imuxsock" Socket="/var/chroot/named/dev/log" 
CreatePath="on")
                if $programname == 'named' then {
                        action(type="omfile" sync="off" 
file="/var/log/named/main.log")
                    }
                }
                if $programname == 'named' then stop

But if I wrap it so that the rules are only active for a specified host

        cat /etc/rsyslog.d/bind9.conf
+               if $hostname == "dnssvr" then {
                        input(type="imuxsock" 
Socket="/var/chroot/named/dev/log" CreatePath="on")
                        if $programname == 'named' then {
                                action(type="omfile" sync="off" 
file="/var/log/named/main.log")
                            }
                        }
                        if $programname == 'named' then stop
+               }

When I try to start rsyslog

        /usr/sbin/rsyslogd -n

It fails, logging an error

        rsyslogd: error during parsing file /etc/rsyslog.d/bind9.conf, on or 
before line 2: syntax error on token 'input(' [try 
http://www.rsyslog.com/e/2207 ]
        rsyslogd: CONFIG ERROR: could not interpret master config file 
'/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2207 ]
        rsyslogd: run failed with error -2207 (see rsyslog.h or try 
http://www.rsyslog.com/e/2207 to learn what that number means)

Terry
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to