Re: [rsyslog] Can I specify a single level for a log?
On 3/13/2018 12:34 PM, LuKreme wrote: On Mar 13, 2018, at 11:15, deoren wrote: Here is an untested solution using the "advanced" format: Oh my, that is fascinating,. I hadn't come across the advanced format yet, but that does look like it's a lot more readable, at least. I will definitely give that a shot, but I am going to have to grok it a little bit better before I do. Understood. Here is another resource (one of a great many) which is good to look over: https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html Quick follow up on the old format: ftp.info;ftp.warn Does that exclude ONLY warnings, or warnings and higher (lower numeric code)? TBH, I'm not sure. I try to not use the format unless forced to do so (that's just my personal preference). More info on the format can be found here: http://www.rsyslog.com/doc/v8-stable/configuration/sysklogd_format.html https://wiki.gentoo.org/wiki/Rsyslog#Filtering There are some formatting issues with the first link (in the queue to be fixed by a PR), but the information is still usable. The second has some coverage that you may find useful. ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Can I specify a single level for a log?
> On Mar 13, 2018, at 11:15, deoren > wrote: > Here is an untested solution using the "advanced" format: Oh my, that is fascinating,. I hadn't come across the advanced format yet, but that does look like it's a lot more readable, at least. I will definitely give that a shot, but I am going to have to grok it a little bit better before I do. Quick follow up on the old format: ftp.info;ftp.warn Does that exclude ONLY warnings, or warnings and higher (lower numeric code)? -- My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now. ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Can I specify a single level for a log?
On 3/13/2018 11:57 AM, LuKreme wrote:
I would like to log warnings for a service to a separate file, but not warning
or higher, just warnings.
So, for example if I wanted all the ftp info to go to ftp.log, but all the
warnings to go to ftp-warn.log and everything with a higher level to go to
ftp-error.log how would I set that up in rsyslog.conf?
ftp.info;ftp.warn;ftp.crit;ftp.err /var/log/ftp.log
ftp.warn;ftp.crit;ftp.err /var/log/ftp-warn.log
ftp.crit
/var/log/ftp-error.log
??
I suspect I am missing something here, but I am just reading through he
documentation for the first time.
You can probably pull it off using the older format, but I'm personally
a fan of the newer format. It's a bit verbose, but IMO it makes the
intention a lot clearer.
Here is an untested solution using the "advanced" format:
# /etc/rsyslog.d/20-ftp.conf
# Goals from mailing list post:
#
# all the ftp info to go to ftp.log
# all the warnings to ftp-warn.log
# everything higher to ftp-error.log
# References:
#
# http://lists.adiscon.net/pipermail/rsyslog/2018-March/045208.html
# https://wiki.gentoo.org/wiki/Rsyslog#Severity
# https://wiki.gentoo.org/wiki/Rsyslog#Facility
# http://www.rsyslog.com/doc/v8-stable/configuration/properties.html
# Proposed (untested) configuration fragment
if ($syslogfacility-text == 'ftp') then {
action(type="omfile" file="/var/log/ftp.log")
# 'warning' = numerical code of 4
if syslogseverity-text == 'warning' then {
action(type="omfile" file="/var/log/ftp-warn.log")
}
# 4 is warning
# 3 is error
# 2 is crit
# 1 is alert
# 0 is emerg
else if syslogseverity < 4 then {
action(type="omfile" file="/var/log/ftp-error.log")
}
# Drop all 'ftp' facility messages. By this point those messages
# should have already been logged in one of the previously
# specified files.
stop
}
Link to file on GitHub:
https://github.com/deoren/rsyslog-examples/blob/master/mailing-list/20-ftp.conf
More info on config formats:
http://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
[rsyslog] Can I specify a single level for a log?
I would like to log warnings for a service to a separate file, but not warning or higher, just warnings. So, for example if I wanted all the ftp info to go to ftp.log, but all the warnings to go to ftp-warn.log and everything with a higher level to go to ftp-error.log how would I set that up in rsyslog.conf? ftp.info;ftp.warn;ftp.crit;ftp.err /var/log/ftp.log ftp.warn;ftp.crit;ftp.err /var/log/ftp-warn.log ftp.crit /var/log/ftp-error.log ?? I suspect I am missing something here, but I am just reading through he documentation for the first time. -- My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now. ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
