Ping a Specific Port

Question

Gregory MOUSSAT

Asked: 2014-10-06 12:39:15 +0800 CST2014-10-06 12:39:15 +0800 CST 2014-10-06 12:39:15 +0800 CST

rsyslog configuration syntax

772

I need to take several actions for some log messages. For example I want to log them to different files according to severity.

Everything is ok if I use this:

if $programname == 'myprog'                                       then -/var/log/myprog.log
if $programname == 'myprog' and $syslogseverity-text >= 'warning' then -/var/log/myprog-alert.log
if $programname == 'myprog' ~

This log every messages emitted by 'myprog' to /var/log/myprog.log
This log only warning and error message emitted by 'myprog' to -/var/log/myprog-alert.log
And the processing is then stopped (thanks to '~')

.

I's like to have something sexier:

if $programname == 'myprog' then {
    *.*         -/var/log/myprog.log
    *.warning   -/var/log/myprog-alert.log
    ~
}

But this later construction, albeit accepted by rsyslog, do not filter against programname.
For example every messages are written to /var/log/myprog.log even when originating from whatever process.

.

Anyone can explain where is my mistake or misunderstanding ?

.

Final method, from answers below:

use a "modern" rsyslogd. Version > 7.x.y
use this syntax:

if $programname == 'myprog' then {
    *.warning   -/var/log/myprog-alert.log
    *.*         -/var/log/myprog.log
    *.*         stop
}

or this one:

if $programname == 'myprog' then {
    *.warning   -/var/log/myprog-alert.log
                -/var/log/myprog.log
                stop
}

2 Answers

Voted

djmitche · Answer 1 · 2014-10-06T14:56:56+08:00

djmitche

2014-10-06T14:56:56+08:002014-10-06T14:56:56+08:00

Per the rsyslog docs for filters and RanierScript, the multi-line { .. } syntax isn't supported. Rsyslog's parser doesn't often give errors, preferring to just ignore problems or interpret them in a way you didn't intend. Your "sexier" example is probably executing the { action for events matching "myprog" (and I can't find such an action, so I suspect that means "do nothing"). The second and third lines are being treated as legacy-style syslog configuration, and the fourth and fifth are invalid (so again, probably "do nothing")

2

Bertrand SCHITS · Answer 2 · 2014-10-09T15:47:59+08:00

Best Answer

Bertrand SCHITS

2014-10-09T15:47:59+08:002014-10-09T15:47:59+08:00

Your line containing only '~' is wrong. It should be "*.* ~".

I know you mostly use Debian stable. Your rsyslog version is 5.x.y and doesn't accept RanierScript.
You can update to the backports version (7.6.3 currently), then your second example should work.

2

rsyslog configuration syntax

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?