Wednesday, 7 August 2024

rsyslog

This post covers:

1. rsyslog conf rules, filters, properties

2. rsyslog conf file syntax check

3. logger as syslog client 

The logger client can be used to set the programname "property" that rules in the conf file match on. (ref. https://www.rsyslog.com/files/temp/doc-indent/configuration/properties.html)

miten@debmiten:~$ logger "miten test1" #use logged in user as programname
miten@debmiten:~$ logger -t "games" "games here from miten" #use games as programname


cat miten.conf 
:programname, contains, "miten"   /var/log/miten
:programname, isequal, "games" /var/log/games

We use filters to divert messages to files.
(ref. https://www.rsyslog.com/doc/configuration/filters.html)
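
To show how the two filters above decide where a message goes, here is a small Python model of rsyslog property-based filters run against the miten.conf rules from this post. It is an added example, not code from the original post or from rsyslog: `parse_rules`, `programname` and `route` are hypothetical helpers, the sample tags are constructed, and only three compare operations, two properties and a simplified programname extraction are modelled.

```python
import re

# The two rules from miten.conf on this page.
MITEN_CONF = '''
:programname, contains, "miten"   /var/log/miten
:programname, isequal, "games" /var/log/games
'''

# :property, [!]compare-operation, "value"   action
RULE_RE = re.compile(r'^:(\w+),\s*(!?)(\w+),\s*"([^"]*)"\s+(\S+)$')

# Subset of rsyslog compare operations; all three are case-sensitive.
OPS = {
    "contains": lambda field, value: value in field,
    "isequal": lambda field, value: field == value,
    "startswith": lambda field, value: field.startswith(value),
}

def parse_rules(conf_text):
    """Return (property, negate, op, value, action) tuples for each rule line."""
    rules = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m or m.group(3) not in OPS:
            raise ValueError(f"unsupported rule: {line!r}")
        prop, negate, op, value, action = m.groups()
        rules.append((prop, negate == "!", op, value, action))
    return rules

def programname(tag):
    """Simplified assumption: static part of the tag, before '[pid]' or ':'."""
    return re.split(r"[\[:]", tag, maxsplit=1)[0]

def route(rules, tag):
    """List every action whose filter matches; one match does not stop the next rule."""
    props = {"programname": programname(tag), "syslogtag": tag}
    return [action for prop, negate, op, value, action in rules
            if OPS[op](props[prop], value) != negate]

if __name__ == "__main__":
    rules = parse_rules(MITEN_CONF)
    # Constructed sample tags, as a sender could set them with logger -t.
    for tag in ("miten:", "games:", "miten-backup[4242]:", "Games:", "games[77]:"):
        print(f"{tag:22} -> {route(rules, tag)}")
```

Because `contains` is a substring match, the constructed tag miten-backup is also written to /var/log/miten, while `isequal` requires the exact name games. The tag is whatever the sender passes to logger -t, so these per-program files identify the claimed program name, not a verified source.
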

Syntax check for the conf file:
root@debmiten:/etc/rsyslog.d# rsyslogd -f miten.conf -N1
rsyslogd: version 8.2302.0, config validation run (level 1), master config miten.conf
rsyslogd: End of config validation run. Bye.

Restart rsyslog to use the edited conf file:
root@debmiten:/etc/rsyslog.d# systemctl restart rsyslog

After running the logger client, the files named in the conf are generated in /var/log (the base directory is as per /etc/rsyslog.conf):

root@debmiten:/var/log# ls
apache2 boot.log.2 cron.log.1 games kibana README user.log
apt boot.log.3 cron.log.2.gz gdm3 lastlog runit user.log.1
auth.log boot.log.4 cron.log.3.gz installer logstash speech-dispatcher user.log.2.gz
auth.log.1 boot.log.5 cron.log.4.gz journal miten syslog user.log.3.gz
auth.log.2.gz boot.log.6 cups kern.log mosquitto syslog.1 user.log.4.gz
auth.log.3.gz boot.log.7 dpkg.log kern.log.1 mysql syslog.2.gz wtmp
auth.log.4.gz btmp dpkg.log.1 kern.log.2.gz nginx syslog.3.gz
boot.log btmp.1 elasticsearch kern.log.3.gz postgresql syslog.4.gz
boot.log.1 cron.log firebird kern.log.4.gz private unattended-upgrades

root@debmiten:/var/log# cat games
2024-08-07T16:23:52.156361+05:30 debmiten games: games here from miten

root@debmiten:/var/log# cat miten
2024-08-07T16:15:10.513358+05:30 debmiten miten: miten test1
