[rsyslog] Request for suggestions to handle priority of syslog message efficiently

[DHAVAL, Krishnarao (GE Renewable Energy, consultant) via rsyslog]

Hi,

My name is Krishna from India, work for GE Renewable Energy.
Below is my requirement.

There are some applications (approximately 20) running in the system that 
generate event logs.
My rsyslog based syslog client should monitor all the events generated by all 
applications and forward them to syslog server as per configuration mentioned 
in /etc/rsyslog.conf. I am using Kiwi Syslog Server from SolarWinds as a server.
I referred rsyslog documentation and found 'imfile' input module is best 
suitable for my requirement. I create different files in the system. I save 
event logs from different applications to different files. I configure those 
files as input parameters to 'imfile' rule, so that the event logs coming into 
the files get monitored by rsyslog daemon and get forwarded to syslog server 
based on output rule mentioned in /etc/rsyslog.conf.

Applications that are running in the system can log the events of any severity. 
As per the standard, there are 8 different severities (Emergency - 0, Alert -   
          1, Critical - 2, Error - 3, Warning - 4, Notice - 5, Info - 6, Debug 
- 7).
For one application, to handle the logs of different severities, 8 different 
files can be created and the same can be mentioned in 8 'imfile' rules. In this 
way, event log with different severity can be saved into different file and the 
same can be monitored and forwarded to syslog server by rsyslogd.

So, for my requirement to have 20 applications running in the system and to 
support syslog functionality to all the applications, I need to create 160 (20 
* 8) different files to handle event logs of different severities from 
different applications. I feel this is not efficient way.

I request your suggestions to handle priority (can be calculated based on 
facility and severity of log message) information efficiently for my 
requirement.

Thanks so much in advanced.

With best regards,
Krishna
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.