Howto store remote messages in a separate file
In this ~8 minute video Rainer Gerhards describes how to store remote messages in a separate file. It’s actually one of the most frequently asked questions on the rsyslog forum and mailing list.
Note: the tutorial is for legacy config format in order to help most people gain benefit from it.
rsyslog 6.3.3 (devel) released
This is a very important milestone release. It features the new config parser and thus provides the basis for a more intuitive config format. With 6.3.3 there are already some enhancements to the format. However, more changes will come up with the next minor releases. For details, please check this link:
http://www.rsyslog.com/rsyslog-6-3-3-config-format-improvements/
It is worth noting that the performance of script-based filters (“if … then”) has been notably improved. Preliminary benchmarks show an improvement of at least a factor of three (more detailed benchmarks will be done after the new scoped object statements have been introduced).
We would appreciate early adoption of this release. One goal in releasing it is to see if the new parser actually is able to handle all legacy configurations found in practice (note that the parser was written from scratch).
ChangeLog:
http://www.rsyslog.com/changelog-for-6-3-3-v6-devel/
Download:
http://www.rsyslog.com/rsyslog-6-3-3-devel/
As always, feedback is appreciated.
Best regards,
Tom Bergfeld
rsyslog 6.3.3 (devel)
Download file name: rsyslog 6.3.3 (devel)
md5sum: f0ef4a1760eaf4498fba3f5bdc969d8e
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 6.3.3 File size: 2.4 MB
Changelog for 6.3.3 (v6-devel)
Version 6.3.3 [DEVEL] (rgerhards), 2011-07-13
- rsyslog.conf format: now parsed by RainerScript parser
  this provides the necessary base for future enhancements as well as some
  minor immediate ones. For details see: http://blog.gerhards.net/2011/07/rsyslog-633-config-format-improvements.html
- performance of script-based filters notably increased
- removed compatibility mode as we expect people have adjusted their
  confs by now
- added support for the “:omfile:” syntax for actions
rsyslog 6.3.3 config format improvements
In rsyslog 6.3.3, the config processor has finally changed. The old legacy processor (and with it the early RainerScript implementation) has been thrown out and replaced by the so-called RainerScript processor (why that crazy name?). This is an extremely important step for rsyslog, as it now has the foundation for a much better and more intuitive rsyslog.conf format. However, most of that cannot be seen in 6.3.3, as it requires more work, especially in the plugin arena. Still, there are a couple of smaller improvements available.
Most importantly, the performance of script based filters has been considerably enhanced. Preliminary testing shows a three times speedup (we’ll do more benchmarking at a later stage; there is also still lots of room for optimization ;-)).
The ugliness of continuation lines has been removed. They may still be used, and this may make a lot of sense with some actions, but you are usually no longer forced to use continuation lines. Take this config snippet from a leading distro:
    if ( \
        /* kernel up to warning except of firewall */ \
        ($syslogfacility-text == 'kern') and \
        ($syslogseverity <= 4 /* warning */ ) and not \
        ($msg contains 'IN=' and $msg contains 'OUT=') \
    ) or ( \
        /* up to errors except of facility authpriv */ \
        ($syslogseverity <= 3 /* errors */ ) and not \
        ($syslogfacility-text == 'authpriv') \
    ) \
    then /dev/tty10
    & |/dev/xconsole
This can now be written as follows:
    if (
        /* kernel up to warning except of firewall */
        ($syslogfacility-text == 'kern') and
        ($syslogseverity <= 4 /* warning */ ) and not
        ($msg contains 'IN=' and $msg contains 'OUT=')
    ) or (
        /* up to errors except of facility authpriv */
        ($syslogseverity <= 3 /* errors */ ) and not
        ($syslogfacility-text == 'authpriv')
    )
    then /dev/tty10
    & |/dev/xconsole
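To see which messages this filter actually sends to the console, the following added example (not code from rsyslog or from the original post) models the expression in Python and runs it over constructed messages. The dict keys `facility`, `severity` and `msg` are assumptions standing in for `$syslogfacility-text`, `$syslogseverity` and `$msg`.

```python
# Added illustration: a Python model of the distro filter shown above.
# Field names and all sample messages are constructed for this example.

def to_console(m):
    """Return True when the filter would route the message to
    /dev/tty10 and |/dev/xconsole."""
    kernel_non_firewall = (
        m["facility"] == "kern"
        and m["severity"] <= 4      # 4 = warning; lower number = more severe
        and not ("IN=" in m["msg"] and "OUT=" in m["msg"])
    )
    error_non_authpriv = (
        m["severity"] <= 3          # 3 = err
        and not m["facility"] == "authpriv"
    )
    return kernel_non_firewall or error_non_authpriv

# Constructed sample messages (documentation IP ranges, made-up text).
SAMPLES = [
    # plain kernel warning: matches the first clause
    {"facility": "kern", "severity": 4,
     "msg": "EXT4-fs warning: mounting fs with errors"},
    # firewall log at warning level: excluded by the IN=/OUT= test
    {"facility": "kern", "severity": 4,
     "msg": "IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22"},
    # firewall log at err level: the second clause has no IN=/OUT= test,
    # so it still reaches the console
    {"facility": "kern", "severity": 3,
     "msg": "IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22"},
    # authentication failure: authpriv is kept off the console
    {"facility": "authpriv", "severity": 3,
     "msg": "pam_unix(sshd:auth): authentication failure; user=root"},
    # any other facility at err or worse: matches the second clause
    {"facility": "daemon", "severity": 3,
     "msg": "failed to start example service"},
    # informational kernel message: too low in severity for both clauses
    {"facility": "kern", "severity": 6,
     "msg": "usb 1-1: new high-speed USB device"},
]

def classify(samples=SAMPLES):
    """Pair each sample with the filter's decision."""
    return [(m["facility"], m["severity"], to_console(m)) for m in samples]

if __name__ == "__main__":
    for facility, severity, shown in classify():
        print(f"{facility:9} sev={severity} -> {'console' if shown else 'dropped'}")
```

The third sample shows that the firewall exclusion only applies to the kernel clause: a firewall line logged at err severity or worse still reaches the console through the second clause.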