Covers:
1. rsyslog conf rules, filters, properties
2. rsyslog conf file syntax check
3. logger as syslog client
The logger client can be used to set the programname "property" that the conf file filters on. (ref. https://www.rsyslog.com/files/temp/doc-indent/configuration/properties.html)
miten@debmiten:~$ logger "miten test1" #use logged in user as programname
miten@debmiten:~$ logger -t "games" "games here from miten" #use games as programname
cat miten.conf
:programname, contains, "miten" /var/log/miten
:programname, isequal, "games" /var/log/games
We use filters to divert messages to files.
(ref. https://www.rsyslog.com/doc/configuration/filters.html)
Syntax check for the conf file:
root@debmiten:/etc/rsyslog.d# rsyslogd -f miten.conf -N1
rsyslogd: version 8.2302.0, config validation run (level 1), master config miten.conf
rsyslogd: End of config validation run. Bye.
Restart rsyslog to use the edited conf file:
root@debmiten:/etc/rsyslog.d# systemctl restart rsyslog
As per the conf, after running the logger client we see the files generated under /var/log (the base directory is as per /etc/rsyslog.conf):
root@debmiten:/var/log# ls
apache2 boot.log.2 cron.log.1 games kibana README user.log
apt boot.log.3 cron.log.2.gz gdm3 lastlog runit user.log.1
auth.log boot.log.4 cron.log.3.gz installer logstash speech-dispatcher user.log.2.gz
auth.log.1 boot.log.5 cron.log.4.gz journal miten syslog user.log.3.gz
auth.log.2.gz boot.log.6 cups kern.log mosquitto syslog.1 user.log.4.gz
auth.log.3.gz boot.log.7 dpkg.log kern.log.1 mysql syslog.2.gz wtmp
auth.log.4.gz btmp dpkg.log.1 kern.log.2.gz nginx syslog.3.gz
boot.log btmp.1 elasticsearch kern.log.3.gz postgresql syslog.4.gz
boot.log.1 cron.log firebird kern.log.4.gz private unattended-upgrades
root@debmiten:/var/log# cat games
2024-08-07T16:23:52.156361+05:30 debmiten games: games here from miten
root@debmiten:/var/log# cat miten
2024-08-07T16:15:10.513358+05:30 debmiten miten: miten test1
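The steps above (syntax check, restart, test messages with logger) combined into one script that also checks the difference between contains and isequal. This is an added example, not part of the original notes; the function names and the ROUTE_WAIT variable are made up for illustration, and it assumes rsyslogd -N1 exits non-zero when validation fails.

```shell
#!/bin/sh
# Added example: function names and ROUTE_WAIT are hypothetical.
# Assumes `rsyslogd -N1` exits non-zero when validation fails.

# Validate the conf file and restart rsyslog only if validation passed.
apply_rsyslog_conf() {
    if ! rsyslogd -f "$1" -N1; then
        echo "validation failed, rsyslog not restarted: $1" >&2
        return 1
    fi
    systemctl restart rsyslog
}

# Log a uniquely marked message under tag $1; succeed if it shows up in file $2.
route_seen() {
    marker="routecheck-$1-$$-$(date +%s)"
    logger -t "$1" "$marker"
    n=0
    while [ "$n" -lt "${ROUTE_WAIT:-5}" ]; do
        grep -qF -- "$marker" "$2" 2>/dev/null && return 0
        n=$((n + 1))
        sleep 1
    done
    return 1
}

# Full procedure for the two rules in miten.conf (run as root).
check_miten_conf() {
    conf=${1:-/etc/rsyslog.d/miten.conf}
    dir=${2:-/var/log}
    apply_rsyslog_conf "$conf" || return 1
    route_seen miten "$dir/miten" || { echo "miten rule not matching" >&2; return 1; }
    route_seen games "$dir/games" || { echo "games rule not matching" >&2; return 1; }
    # contains is a substring match: a tag that merely contains "miten" is routed too
    route_seen xmitenx "$dir/miten" || { echo "contains did not match substring" >&2; return 1; }
    # isequal is an exact match: a longer tag must not reach the games file
    if route_seen gamesx "$dir/games"; then
        echo "isequal matched a non-identical programname" >&2
        return 1
    fi
    echo "miten.conf routes as expected"
}
```

Call check_miten_conf with no arguments to test /etc/rsyslog.d/miten.conf against /var/log; the test messages it sends stay in the log files.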