Differences

This shows you the differences between two versions of the page.

--- aix:aix_rsyslog [2022/05/18 16:37]
manu
+++ aix:aix_rsyslog [2022/11/21 17:31] (current)
manu [debugging :]
@@ Line 313: / Line 313: @@
 #$PrivDropToUser syslog
 #$PrivDropToGroup syslog
-<code>
+</code>
 ===== centralize login =====
@@ Line 338: / Line 338: @@
 <cli>
-$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+A template that resembles traditional syslogd file output:
+    $template TraditionalFormat,”%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n”
+A template that tells you a little more about the message:
+    $template precise,”%syslogpriority%,%syslogfacility%,%timegenerated%,%HOSTNAME%, %syslogtag%,%msg%\n”
-$template TraditionalFileFormat,"%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+A template for RFC 3164 format:
+    $template RFC3164fmt,”<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%”
+A template for the format traditionally used for user messages:
+    $template usermsg,” XXXX%syslogtag%%msg%\n\r”
+And a template with the traditional wall-message format:
+    $template wallmsg,”\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated%
+A template that can be used for the database write (please note the SQL template option)
+    $template MySQLInsert,”insert iut, message, received at values (‘%iut%’, ‘%msg:::UPPERCASE%’, ‘%timegenerated:::date-mysql%’) into systemevents\r\n”, SQL
+The following template emulates WinSyslog format:
+    $template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,
+%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,
+%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,
+%syslogtag%%msg%\\n"
+$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
 $template ForwardFormat,"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
@@ Line 349: / Line 371: @@
 </cli>
+To assign a msg to a format:
+  kern.crit @server.example.net;RFC3164fmt
 ===== Example =====
@@ Line 404: / Line 428: @@
 *.debug /var/log/syslog/debug.log
 </cli>
+===== Misc examples =====
+The fourth line tells rsyslogd to save all kernel messages that come with priorities from info up to warning in the file /var/adm/kernel-info. Everything from err and higher is excluded.
+  # The tcp wrapper loggs with mail.info, we display all the connections on tty12
+  mail.=info /dev/tty12
+This directs all messages that uses mail.info (in source LOG_MAIL | LOG_INFO) to /dev/tty12, the 12th console. For example the tcpwrapper tcpd(8) uses this as it’s default.
+  # Store all mail concerning stuff in a file
+  mail.\*;mail.!=info /var/adm/mail
+This will store all messages with the priority crit in the file /var/adm/critical, except for any kernel message.
+  # A template for RFC 3164 format:
+  $template RFC3164fmt,”<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%”
+  # Kernel messages are first, stored in the kernel
+  # file, critical messages and higher ones also go
+  # to another host and to the console. Messages to
+  # the host server.example.net are forwarded in RFC 3164
+  # format (using the template defined above).
+  kern.* /var/adm/kernel
+  kern.crit @server.example.net;RFC3164fmt
+  kern.crit /dev/console
+  kern.info;kern.!err /var/adm/kernel-info

wiki

User Tools

Site Tools

Differences

Page Tools