rsyslog

The rocket-fast system for log processing

rulesets and rsyslog 7.2+

In rsyslog 7.2.0 we introduced some interesting config enhancements. Among these are changes to how rulesets can be specified or called. A ruleset is basically looking like this:

ruleset(name="rulesetname") { statements here }

As you can see, you specify a ruleset by its name. All statements that will be specified go into the curly brackets. In addition, a ruleset can be called by another ruleset. This is simply done by call rulesetname The rulesetname is just plainly specified. We hope this to be more intuitively. Here is a larger example (bascially taken from the rsyslog mailing list, thanks to Brian Knox). module(load="imptcp" keepalive="on") # use imptcp just as example for bind ruleset below ruleset(name="rs1") { *.* /var/log/test1.log } ruleset(name="rs2") { *.* /var/log/test2.log call rs1 } input(type="imptcp" port="13514" ruleset="rs2") All statements, which are NOT specified in a ruleset will be automatically inserted into the default ruleset.

Legacy $Ruleset statements are still supported, but cannot be cross-used with the new ruleset() statements.

One thought on “rulesets and rsyslog 7.2+

  1. I do agree with all of the concepts you’ve offered to your post. They’re really convincing and can certainly work. Nonetheless, the posts are too brief for beginners. May you please lengthen them a little from next time? Thank you for the post.

Comments are closed.