Re: [rsyslog] Can I specify a single level for a log?
On 3/13/2018 12:34 PM, LuKreme wrote:
> On Mar 13, 2018, at 11:15, deoren wrote:
>> Here is an untested solution using the "advanced" format:
>
> Oh my, that is fascinating. I hadn't come across the advanced format yet, but that does look like it's a lot more readable, at least. I will definitely give that a shot, but I am going to have to grok it a little bit better before I do.

Understood. Here is another resource (one of a great many) which is good to look over:

https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html

> Quick follow up on the old format:
>
> ftp.info;ftp.warn
>
> Does that exclude ONLY warnings, or warnings and higher (lower numeric code)?

TBH, I'm not sure. I try to not use the format unless forced to do so (that's just my personal preference). More info on the format can be found here:

http://www.rsyslog.com/doc/v8-stable/configuration/sysklogd_format.html
https://wiki.gentoo.org/wiki/Rsyslog#Filtering

There are some formatting issues with the first link (in the queue to be fixed by a PR), but the information is still usable. The second has some coverage that you may find useful.

___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
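The question quoted above, whether `ftp.info;ftp.warn` leaves anything out, can be checked against the selector rules on the sysklogd format page linked in the reply. The following is an added example, not part of any post in this thread and not rsyslog code: a small Python model of those rules, assuming the selectors in one field are applied left to right to a per-facility set of severities. The names `selected`, `route`, `ASKED` and `EXACT` are hypothetical, and `EXACT` is a constructed old-format rule set.

```python
# Added example: a model of sysklogd-style selector matching, not rsyslog code.
# Assumption: selectors in one field apply left to right to a per-facility set.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def selected(field, facility="ftp"):
    """Return the set of severity names a selector field matches for one facility."""
    mask = set()
    for selector in field.split(";"):
        facs, pri = selector.strip().split(".", 1)
        negate = pri.startswith("!")          # '!' removes instead of adds
        pri = pri.lstrip("!")
        exact = pri.startswith("=")           # '=' means this severity only
        pri = ALIASES.get(pri.lstrip("="), pri.lstrip("="))
        if pri == "none":                     # 'none' clears the facility
            levels, negate = set(SEVERITIES), not negate
        elif pri == "*":
            levels = set(SEVERITIES)
        elif exact:
            levels = {pri}
        else:                                 # plain name: this severity and more severe
            levels = set(SEVERITIES[: SEVERITIES.index(pri) + 1])
        if facs == "*" or facility in facs.split(","):
            mask = mask - levels if negate else mask | levels
    return mask

def route(rules, facility, severity):
    """List the files a message reaches under (selector field, path) rules."""
    severity = ALIASES.get(severity, severity)
    return [path for field, path in rules if severity in selected(field, facility)]

# The three lines from the original question in this thread.
ASKED = [
    ("ftp.info;ftp.warn;ftp.crit;ftp.err", "/var/log/ftp.log"),
    ("ftp.warn;ftp.crit;ftp.err", "/var/log/ftp-warn.log"),
    ("ftp.crit", "/var/log/ftp-error.log"),
]
# Constructed old-format rules giving the routing of the advanced-format fragment.
EXACT = [
    ("ftp.*", "/var/log/ftp.log"),
    ("ftp.=warn", "/var/log/ftp-warn.log"),
    ("ftp.err", "/var/log/ftp-error.log"),
]

if __name__ == "__main__":
    for sev in ("info", "warning", "err", "crit"):
        print(sev, route(ASKED, "ftp", sev), route(EXACT, "ftp", sev))
```

Under this model `ftp.info;ftp.warn` selects info and everything more severe, so the second selector changes nothing; `ftp.=warn` is the form that selects warnings alone.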
Re: [rsyslog] Can I specify a single level for a log?
> On Mar 13, 2018, at 11:15, deoren wrote:
> Here is an untested solution using the "advanced" format:

Oh my, that is fascinating. I hadn't come across the advanced format yet, but that does look like it's a lot more readable, at least. I will definitely give that a shot, but I am going to have to grok it a little bit better before I do.

Quick follow up on the old format:

ftp.info;ftp.warn

Does that exclude ONLY warnings, or warnings and higher (lower numeric code)?

--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.
Re: [rsyslog] Can I specify a single level for a log?
On 3/13/2018 11:57 AM, LuKreme wrote:
> I would like to log warnings for a service to a separate file, but not warning or higher, just warnings. So, for example if I wanted all the ftp info to go to ftp.log, but all the warnings to go to ftp-warn.log and everything with a higher level to go to ftp-error.log how would I set that up in rsyslog.conf?
>
> ftp.info;ftp.warn;ftp.crit;ftp.err /var/log/ftp.log
> ftp.warn;ftp.crit;ftp.err /var/log/ftp-warn.log
> ftp.crit /var/log/ftp-error.log
>
> ??
>
> I suspect I am missing something here, but I am just reading through the documentation for the first time.

You can probably pull it off using the older format, but I'm personally a fan of the newer format. It's a bit verbose, but IMO it makes the intention a lot clearer.

Here is an untested solution using the "advanced" format:

# /etc/rsyslog.d/20-ftp.conf

# Goals from mailing list post:
#
# all the ftp info to go to ftp.log
# all the warnings to ftp-warn.log
# everything higher to ftp-error.log

# References:
#
# http://lists.adiscon.net/pipermail/rsyslog/2018-March/045208.html
# https://wiki.gentoo.org/wiki/Rsyslog#Severity
# https://wiki.gentoo.org/wiki/Rsyslog#Facility
# http://www.rsyslog.com/doc/v8-stable/configuration/properties.html

# Proposed (untested) configuration fragment

if ($syslogfacility-text == 'ftp') then {

    action(type="omfile" file="/var/log/ftp.log")

    # 'warning' = numerical code of 4
    if $syslogseverity-text == 'warning' then {
        action(type="omfile" file="/var/log/ftp-warn.log")
    }

    # 4 is warning
    # 3 is error
    # 2 is crit
    # 1 is alert
    # 0 is emerg
    else if $syslogseverity < 4 then {
        action(type="omfile" file="/var/log/ftp-error.log")
    }

    # Drop all 'ftp' facility messages. By this point those messages
    # should have already been logged in one of the previously
    # specified files.
    stop
}

Link to file on GitHub:

https://github.com/deoren/rsyslog-examples/blob/master/mailing-list/20-ftp.conf

More info on config formats:

http://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
[rsyslog] Can I specify a single level for a log?
I would like to log warnings for a service to a separate file, but not warning or higher, just warnings. So, for example if I wanted all the ftp info to go to ftp.log, but all the warnings to go to ftp-warn.log and everything with a higher level to go to ftp-error.log how would I set that up in rsyslog.conf?

ftp.info;ftp.warn;ftp.crit;ftp.err /var/log/ftp.log
ftp.warn;ftp.crit;ftp.err /var/log/ftp-warn.log
ftp.crit /var/log/ftp-error.log

??

I suspect I am missing something here, but I am just reading through the documentation for the first time.

--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.