Re: [rsyslog] Can I specify a single level for a log?

[deoren]

On 3/13/2018 11:57 AM, LuKreme wrote:
I would like to log warnings for a service to a separate file, but not warning 
or higher, just warnings.
So, for example if I wanted all the ftp info to go to ftp.log, but all the 
warnings to go to ftp-warn.log and everything with a higher level to go to 
ftp-error.log how would I set that up in rsyslog.conf?

ftp.info;ftp.warn;ftp.crit;ftp.err      /var/log/ftp.log
ftp.warn;ftp.crit;ftp.err                       /var/log/ftp-warn.log
ftp.crit                                                        
/var/log/ftp-error.log

??

I suspect I am missing something here, but I am just reading through he 
documentation for the first time.


You can probably pull it off using the older format, but I'm personally 
a fan of the newer format. It's a bit verbose, but IMO it makes the 
intention a lot clearer.

Here is an untested solution using the "advanced" format:

# /etc/rsyslog.d/20-ftp.conf

# Goals from mailing list post:
#
# all the ftp info to go to ftp.log
# all the warnings to ftp-warn.log
# everything higher to ftp-error.log


# References:
#
# http://lists.adiscon.net/pipermail/rsyslog/2018-March/045208.html
# https://wiki.gentoo.org/wiki/Rsyslog#Severity
# https://wiki.gentoo.org/wiki/Rsyslog#Facility
# http://www.rsyslog.com/doc/v8-stable/configuration/properties.html


# Proposed (untested) configuration fragment


if ($syslogfacility-text == 'ftp') then {

    action(type="omfile" file="/var/log/ftp.log")

    # 'warning' = numerical code of 4
    if syslogseverity-text == 'warning' then {
        action(type="omfile" file="/var/log/ftp-warn.log")
    }

    # 4 is warning
    # 3 is error
    # 2 is crit
    # 1 is alert
    # 0 is emerg
    else if syslogseverity < 4 then {
        action(type="omfile" file="/var/log/ftp-error.log")
    }


    # Drop all 'ftp' facility messages. By this point those messages
    # should have already been logged in one of the previously
    # specified files.
    stop

}


Link to file on GitHub:

https://github.com/deoren/rsyslog-examples/blob/master/mailing-list/20-ftp.conf

More info on config formats:

http://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.