rsyslog

179 shaares

Links per page

20 50 100

1 result tagged log

rsyslog

PRIORITY

0   emerg   Emergency: system is unusable               # A "panic" condition - notify all tech staff on call? (Earthquake? Tornado?) - affects multiple apps/servers/sites.
1   alert   Alert: action must be taken immediately     # Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection.
2   crit    Critical: critical conditions               # Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection.
3   err     Error: error conditions                     # Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time.
4   warning Warning: warning conditions                 # Warning messages - not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time.
5   notice  Notice: normal but significant condition    # Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required.
6   info    Informational: informational messages       # Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required.
7   debug   Debug: debug-level messages                 # Info useful to developers for debugging the app, not useful during operations.

FACILITY

0   kern        kernel messages
1   user        user-level messages
2   mail        mail system
3   daemon      system daemons
4   auth        security/authorization messages
5   syslog      messages generated internally by syslogd
6   lpr         line printer subsystem
7   news        network news subsystem
8   uucp        UUCP subsystem
9   cron        clock daemon
10  authpriv    security/authorization messages
11              FTP daemon
12              NTP subsystem
13              log audit
14              log alert
15              clock daemon
16  local0      local use 0
17  local1      local use 1
18  local2      local use 2
19  local3      local use 3
20  local4      local use 4
21  local5      local use 5
22  local6      local use 6
23  local7      local use 7

BALANCER

# balancer
#$template balancer,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n"
#$template balancer,"%$DAY%-%$MONTH%-%$YEAR% %HOSTNAME% %syslogtag% %msg%\n"
#$template BALANCER,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n"

#$template _balancer,"%timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$template _balancer,"%timegenerated:::date-mysql% %timereported:::date-subseconds% %HOSTNAME% %syslogtag% %msg%\n"

# local7._balancer              /var/log/balancer/_balancerd.log;_balancer
#local7._worker             /var/log/balancer/_worker.log;_balancer

#if $msg startswith 'Mar' and $syslogpriority-text == 'err' then /var/log/_balancer/_balancerd.error;_balancer
if $msg contains '_balancerd' and $syslogpriority-text == 'err' then /var/log/_balancer/_balancerd.error

#:msg, regex, "_balancerd"  /var/log/_balancer/_balancerd.error
#:rawmsg, regex, "bal"  /var/log/_balancer/_balancerd.error
#:rawmsg, regex, "^Mar" /var/log/_balancer/_balancerd.error
#:msg, contains, "_balancerd"   /var/log/_balancer/_balancerd.error
#:syslogpriority, isequal, "err" \
#/var/log/_balancer/_balancerd.error;_balancer

BALANCER

#local7.debug           /var/log/_balancer.debug;balancer
$template localhost,"%timegenerated% %HOSTNAME% %syslogtag% %programname%%msg%\n" # default
$template balancer,"%timegenerated:::date-mysql% %timereported:::date-subseconds% %msg%\n"
template(name="TEST" type="string" string="%timegenerated% -HOSTNAME=%HOSTNAME% -syslogtag=%syslogtag% -programname=%programname% -syslogfacility=%syslogfacility% -syslogfacility-text=%syslogfacility-text% -syslogseverity=%syslogseverity% -syslogseverity-text=%syslogseverity-text% -syslogpriority=%syslogpriority% -syslogpriority-text=%syslogpriority-text% -inputname=%inputname% -app-name=%app-name% -procid=%procid% -msgid=%msgid% %msg%")

BIND

#:msg, regex, "balancerd" /var/log/balancer/balancerd.err
#& stop
#:rawmsg, regex, "bal"  /var/log/_balancer/_balancerd.err; template & stop
#:msg, contains, "_balancerd"   /var/log/_balancer/_balancerd.err
#:syslogpriority, isequal, "err" \
#/var/log/_balancer/_balancerd.err;_balancer

############################## TEMPLATE
#
# local7.debug          /var/log/_balancer.debug;balancer
# $template balancer,"%timegenerated:::date-mysql% %timereported:::date-subseconds% %HOSTNAME% %syslogtag% %programname% %msg%\n"

################ MESSAGE
#
# datetime
# template(name="TIME" type="string" string="%timegenerated:::date-mysql%.%timereported:::date-subseconds% %programname%%msg%\n")
#
# default
# template(name="DEFAULT" type="string" string="%timegenerated% %HOSTNAME% %syslogtag% %programname%%msg%\n")
#
# all properties
# template(name="ALL" type="string" string="%timegenerated% -HOSTNAME=%HOSTNAME% -syslogtag=%syslogtag% -programname=%programname% -syslogfacility=%syslogfacility% -syslogfacility-text=%syslogfacility-text% -syslogseverity=%syslogseverity% -syslogseverity-text=%syslogseverity-text% -syslogpriority=%syslogpriority% -syslogpriority-text=%syslogpriority-text% -inputname=%inputname% -app-name=%app-name% -procid=%procid% -msgid=%msgid% -fromhost=%fromhost% -fromhost-ip=%fromhost-ip% %msg%\n")

$template APACHE,"%msg%\n"

############### FILE
#
# file template to agregate virtualhost logs with unique & global containers view
# $template DYNFILE,"/var/lib/vz/log/apache2/%programname%.%syslogseverity-text%"
# file template to separate virtualhost logs by containers Ip provenance
# $template DYNFILE,"/var/lib/vz/log/%fromhost-ip%/apache2/%programname%.%syslogseverity-text%"

# WARNNING: if you change the path, you must have to adjust parameters in fail2ban & logrotate config file
$template DYNFILE,"S_HOSTING_PATH_LOG/apache2/%programname%.%syslogseverity-text%"

############################## BIND
#
# examples:
# :msg, contains, "localhost" /var/log/apache2/localhost.log; localhost & stop
# :msg, regex, "balancerd" /var/log/balancer/balancerd.err
# :rawmsg, regex, "bal" /var/log/_balancer/_balancerd.err
# :msg, contains, "_balancerd"  /var/log/_balancer/_balancerd.err
# :syslogpriority, isequal, "err" \
# & stop
# if $msg == '' and $syslogpriority-text == 'info' then /var/log/apache2/localhost.log; localhost
# if $programname == 'apache2' and $syslogpriority-text == 'info' then /var/log/apache2/localhost.log; balancerd

:syslogtag, contains, "apache"       -?DYNFILE; APACHE & stop

# WARNNING: if you change the path, you must have to adjust parameters in fail2ban & logrotate config file
:syslogtag, contains, "apache"       -S_HOSTING_PATH_LOG/apache2/others.log; APACHE & stop

bash · log

Mon Oct 8 18:28:21 2018 * · permalink

http://code.ambau.ovh/snippets/rsyslog.html