| jan kaufman | 28d7d89 | 2015-12-04 21:36:59 +0100 | [diff] [blame] | 1 | |
| 2 | ================================== |
| 3 | rsyslog |
| 4 | ================================== |
| 5 | |
| 6 | In computing, syslog is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. |
| 7 | |
| 8 | Sample pillars |
| 9 | ============== |
| 10 | |
| jan kaufman | 1a4044c | 2016-03-10 18:51:58 +0100 | [diff] [blame] | 11 | Rsyslog service with default logging template |
| 12 | |
| 13 | .. code-block:: yaml |
| 14 | |
| 15 | rsyslog: |
| 16 | client: |
| 17 | enabled: true |
| 18 | |
| 19 | |
| 20 | Rsyslog service with precise timestamps, severity, facility. |
| jan kaufman | 28d7d89 | 2015-12-04 21:36:59 +0100 | [diff] [blame] | 21 | |
| 22 | .. code-block:: yaml |
| 23 | |
| 24 | rsyslog: |
| 25 | client: |
| 26 | enabled: true |
| 27 | format: |
| 28 | name: TraditionalFormatWithPRI |
| jan kaufman | 1a4044c | 2016-03-10 18:51:58 +0100 | [diff] [blame] | 29 | template: '"%syslogpriority% %syslogfacility% %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"' |
| Swann Croiset | 100028b | 2017-03-15 11:58:48 +0100 | [diff] [blame] | 30 | output: |
| jan kaufman | 91532f9 | 2016-03-31 13:45:02 +0200 | [diff] [blame] | 31 | file: |
| 32 | -/var/log/syslog: |
| 33 | filter: *.*;auth,authpriv.none |
| 34 | owner: syslog |
| 35 | group: adm |
| 36 | createmode: 0640 |
| 37 | umask: 0022 |
| 38 | /var/log/auth.log: |
| 39 | filter: auth,authpriv.* |
| 40 | owner: syslog |
| 41 | group: adm |
| 42 | createmode: 0640 |
| 43 | umask: 0022 |
| 44 | -/var/log/kern.log: |
| 45 | filter: kern.* |
| 46 | owner: syslog |
| 47 | group: adm |
| 48 | createmode: 0640 |
| 49 | umask: 0022 |
| 50 | -/var/log/mail.log: |
| 51 | filter: mail.* |
| 52 | owner: syslog |
| 53 | group: adm |
| 54 | createmode: 0640 |
| 55 | umask: 0022 |
| 56 | /var/log/mail.err: |
| 57 | filter: mail.err |
| 58 | owner: syslog |
| 59 | group: adm |
| 60 | createmode: 0640 |
| 61 | umask: 0022 |
| 62 | ":omusrmsg:*": |
| 63 | filter: *.emerg |
| 64 | "|/dev/xconsole": |
| 65 | filter: "daemon.*;mail.*; news.err; *.=debug;*.=info;*.=notice;*.=warn": |
| Swann Croiset | 100028b | 2017-03-15 11:58:48 +0100 | [diff] [blame] | 66 | -/var/log/your-app.log: |
| 67 | filter: "if $programname startswith 'your-app' then" |
| 68 | owner: syslog |
| 69 | group: adm |
| 70 | createmode: 0640 |
| 71 | umask: 0022 |
| 72 | stop_processing: true |
| jan kaufman | 1a4044c | 2016-03-10 18:51:58 +0100 | [diff] [blame] | 73 | |
| Oleksii Chupryn | 31fc2f9 | 2018-02-06 04:32:11 +0200 | [diff] [blame] | 74 | Rsyslog service with RainerScript (module, ruleset, template, input). |
| 75 | |
| 76 | .. code-block:: yaml |
| 77 | |
| 78 | rsyslog: |
| 79 | client: |
| 80 | run_user: syslog |
| 81 | run_group: adm |
| 82 | enabled: true |
| 83 | rainerscript: |
| 84 | module: |
| 85 | imfile: {} |
| 86 | input: |
| 87 | imfile: |
| 88 | nginx: |
| 89 | File: "/var/log/nginx/*.log" |
| 90 | Tag: "nginx__" |
| 91 | Severity: "notice" |
| 92 | Facility: "local0" |
| 93 | PersistStateInterval: "0" |
| 94 | Ruleset: "myapp_logs" |
| 95 | apache2: |
| 96 | File: "/var/log/apache2/*.log" |
| 97 | Tag: "apache2__" |
| 98 | Severity: "notice" |
| 99 | Facility: "local0" |
| 100 | Ruleset: "myapp_logs" |
| 101 | PersistStateInterval: "0" |
| 102 | rabbitmq: |
| 103 | File: "/var/log/rabbitmq/*.log" |
| 104 | Tag: "rabbitmq__" |
| 105 | Severitet: "notice" |
| 106 | Facility: "local0" |
| 107 | PersistStateInterval: "0" |
| 108 | Ruleset: "myapp_logs" |
| 109 | template: |
| 110 | ImfileFilePath: |
| 111 | parameter: |
| 112 | type: string |
| 113 | string: "<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%$.suffix%%msg:::sp-if-no-1st-sp%%msg%\n" |
| 114 | ruleset: |
| 115 | remote_logs: |
| 116 | description: 'action(type="omfwd" Target="172.16.10.92" Port="10514" Protocol="udp" Template="ImfileFilePath")' |
| 117 | myapp_logs: |
| 118 | description: 'set $.suffix=re_extract($!metadata!filename, "(.*)/([^/]*[^/.log])", 0, 2, "all.log"); call remote_logs' |
| 119 | |
| Swann Croiset | 01b2577 | 2017-03-16 09:18:01 +0100 | [diff] [blame] | 120 | Custom templates |
| 121 | ================ |
| 122 | |
| 123 | It is possible to define a specific syslog template per output file instead of |
| 124 | using the default one. |
| 125 | |
| 126 | .. code-block:: yaml |
| 127 | |
| 128 | rsyslog: |
| 129 | output: |
| 130 | file: |
| 131 | /var/log/your-app.log: |
| 132 | template: ""%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\\n"" |
| 133 | filter: "if $programname startswith 'your-app' then" |
| 134 | |
| teoyaomiqui | 5f07430 | 2017-04-11 15:03:55 +0300 | [diff] [blame] | 135 | Remote rsyslog server |
| 136 | ===================== |
| 137 | |
| 138 | It is possible to have rsyslog act as remote server, collecting, storing or forwarding logs. |
| 139 | This functionality is provided via rsyslog input/output modules, rulesets and templates. |
| 140 | |
| 141 | .. code-block:: yaml |
| 142 | |
| 143 | rsyslog: |
| 144 | server: |
| 145 | enabled: true |
| 146 | module: |
| 147 | imudp: {} |
| 148 | template: |
| 149 | RemoteFilePath: |
| 150 | parameter: |
| 151 | type: string |
| 152 | string: /var/log/%HOSTNAME%/%programname%.log |
| 153 | ruleset: |
| 154 | remote10514: |
| 155 | description: action(type="omfile" dynaFile="RemoteFilePath") |
| 156 | input: |
| 157 | imudp: |
| 158 | port: 10514 |
| 159 | ruleset: remote10514 |
| 160 | |
| 161 | |
| 162 | |
| Swann Croiset | d88acef | 2017-03-16 09:17:55 +0100 | [diff] [blame] | 163 | Support metadata |
| 164 | ================ |
| 165 | |
| 166 | If the *heka* support metadata is enabled, all output files are automatically |
| 167 | parsed by the **log_collector** service. |
| 168 | To skip the log_collector configuration, set the **skip_log_collector** to true. |
| 169 | |
| 170 | .. code-block:: yaml |
| 171 | |
| 172 | rsyslog: |
| 173 | output: |
| 174 | file: |
| 175 | /var/log/your-app.log: |
| 176 | filter: "if $programname startswith 'your-app' then" |
| 177 | skip_log_collector: true |
| jan kaufman | 28d7d89 | 2015-12-04 21:36:59 +0100 | [diff] [blame] | 178 | |
| 179 | Read more |
| 180 | ========= |
| 181 | |
| 182 | http://www.rsyslog.com/ |
| 183 | https://wiki.gentoo.org/wiki/Rsyslog |
| 184 | https://github.com/saz/puppet-rsyslog |
| Filip Pytloun | bb569f2 | 2017-02-02 13:02:03 +0100 | [diff] [blame] | 185 | |
| 186 | Documentation and Bugs |
| 187 | ====================== |
| 188 | |
| 189 | To learn how to install and update salt-formulas, consult the documentation |
| 190 | available online at: |
| 191 | |
| 192 | http://salt-formulas.readthedocs.io/ |
| 193 | |
| 194 | In the unfortunate event that bugs are discovered, they should be reported to |
| 195 | the appropriate issue tracker. Use Github issue tracker for specific salt |
| 196 | formula: |
| 197 | |
| 198 | https://github.com/salt-formulas/salt-formula-rsyslog/issues |
| 199 | |
| 200 | For feature requests, bug reports or blueprints affecting entire ecosystem, |
| 201 | use Launchpad salt-formulas project: |
| 202 | |
| 203 | https://launchpad.net/salt-formulas |
| 204 | |
| 205 | You can also join salt-formulas-users team and subscribe to mailing list: |
| 206 | |
| 207 | https://launchpad.net/~salt-formulas-users |
| 208 | |
| 209 | Developers wishing to work on the salt-formulas projects should always base |
| 210 | their work on master branch and submit pull request against specific formula. |
| 211 | |
| 212 | https://github.com/salt-formulas/salt-formula-rsyslog |
| 213 | |
| 214 | Any questions or feedback is always welcome so feel free to join our IRC |
| 215 | channel: |
| 216 | |
| 217 | #salt-formulas @ irc.freenode.net |