Differences

This shows you the differences between two versions of the page.

--- aix:aix_rsyslog [2022/05/18 16:17]
manu
+++ aix:aix_rsyslog [2022/11/21 17:31] (current)
manu [debugging :]
@@ Line 313: / Line 313: @@
 #$PrivDropToUser syslog
 #$PrivDropToGroup syslog
-<code>
+</code>
 ===== centralize login =====
@@ Line 338: / Line 338: @@
 <cli>
-$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+A template that resembles traditional syslogd file output:
+    $template TraditionalFormat,”%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n”
+A template that tells you a little more about the message:
+    $template precise,”%syslogpriority%,%syslogfacility%,%timegenerated%,%HOSTNAME%, %syslogtag%,%msg%\n”
-$template TraditionalFileFormat,"%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+A template for RFC 3164 format:
+    $template RFC3164fmt,”<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%”
+A template for the format traditionally used for user messages:
+    $template usermsg,” XXXX%syslogtag%%msg%\n\r”
+And a template with the traditional wall-message format:
+    $template wallmsg,”\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated%
+A template that can be used for the database write (please note the SQL template option)
+    $template MySQLInsert,”insert iut, message, received at values (‘%iut%’, ‘%msg:::UPPERCASE%’, ‘%timegenerated:::date-mysql%’) into systemevents\r\n”, SQL
+The following template emulates WinSyslog format:
+    $template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,
+%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,
+%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,
+%syslogtag%%msg%\\n"
+$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
 $template ForwardFormat,"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
@@ Line 348: / Line 370: @@
 $template StdSQLFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
 </cli>
+To assign a msg to a format:
+  kern.crit @server.example.net;RFC3164fmt
+===== Example =====
+<cli prompt='>'>
+[root@aixclt01]/var/log/syslog> cat /etc/rsyslog.conf
+################ Order of the lines is important #################
+# Load the unix socket for local communication                   #
+  $ModLoad imuxsock                                              #
+# Load the UDP module for remote communication                   #
+  $ModLoad imudp                                                 #
+# Run the UDP server on the default port 514                     #
+  $UDPServerRun 514                                              #
+# Load module to read file
+  $ModLoad imfile                                                                #
+#################################################################
+$WorkDirectory /var/log/syslog/
+################
+# Local Logging1
+aso.notice /var/log/aso/aso.log
+aso.info /var/log/aso/aso_process.log
+aso.debug /var/log/aso/aso_debug.log
+caa.debug /var/adm/ras/syslog.caa
+*.emerg /var/log/syslog/emerg.log
+*.alert /var/log/syslog/alert.log
+*.crit /var/log/syslog/crit.log
+*.err /var/log/syslog/error.log
+*.warning /var/log/syslog/warning.log
+*.notice /var/log/syslog/notice.log
+*.info /var/log/syslog/info.log
+auth,authpriv.debug /var/log/syslog/auth.log
+daemon.* /dev/null
+lpr.* /dev/null
+################
+# Remote Logging
+# Read a specific file
+$InputFileName /audit/stream.out
+$InputFileTag "AUDIT_AIX"
+$InputFileStateFile audit-log
+$InputFileSeverity debug
+$InputFileFacility local7
+$InputRunFileMonitor
+local7.debug,*.warning,daemon.info,auth,authpriv.debug,*.emerg @10.10.10.10:514
+#PollingInterval 10
+################
+# Local Logging2
+# Exclude tags from local saving
+:syslogtag, contains, "AUDIT_AIX" ~
+*.debug /var/log/syslog/debug.log
+</cli>
+===== Misc examples =====
+The fourth line tells rsyslogd to save all kernel messages that come with priorities from info up to warning in the file /var/adm/kernel-info. Everything from err and higher is excluded.
+  # The tcp wrapper loggs with mail.info, we display all the connections on tty12
+  mail.=info /dev/tty12
+This directs all messages that uses mail.info (in source LOG_MAIL | LOG_INFO) to /dev/tty12, the 12th console. For example the tcpwrapper tcpd(8) uses this as it’s default.
+  # Store all mail concerning stuff in a file
+  mail.\*;mail.!=info /var/adm/mail
+This will store all messages with the priority crit in the file /var/adm/critical, except for any kernel message.
+  # A template for RFC 3164 format:
+  $template RFC3164fmt,”<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%”
+  # Kernel messages are first, stored in the kernel
+  # file, critical messages and higher ones also go
+  # to another host and to the console. Messages to
+  # the host server.example.net are forwarded in RFC 3164
+  # format (using the template defined above).
+  kern.* /var/adm/kernel
+  kern.crit @server.example.net;RFC3164fmt
+  kern.crit /dev/console
+  kern.info;kern.!err /var/adm/kernel-info

wiki

User Tools

Site Tools

Differences

Page Tools