The Geek Diary


Understanding rsyslog Actions

by admin

Actions specify what to do with the messages filtered out by a selector. The following are some of the available actions.

Saving rsyslog Messages to Log Files

To save an rsyslog message to a log file, specify the absolute path to the log file after the selector. The following example selects all cron messages and the action saves them to the /var/log/cron.log log file:

cron.* /var/log/cron.log

You can specify an existing tty or /dev/console device to send rsyslog messages to standard output.

Sending rsyslog Messages over the Network

Use the following syntax to forward rsyslog messages to a remote machine:

@[(zNUMBER)]HOST:[PORT]

– Use a single at sign (@) to specify UDP as the transport protocol.
– Use a double at sign (@@) to specify TCP.
– The optional zNUMBER field, written in parentheses, enables a level of zlib compression from 1 to 9.
– The HOST field specifies the receiving host.
– The optional PORT field specifies the port number on the receiving host.

For example, to forward messages to 192.0.2.101 using the UDP protocol:

*.* @192.0.2.101

To forward messages to port 18 on “host02.example.com” using the TCP protocol:

*.* @@host02.example.com:18

Sending rsyslog Messages to Specific Users

Specify the username to send rsyslog messages to. Separate usernames with a comma (,) to specify more than one user. Use an asterisk (*) to send messages to every user that is currently logged on. The following example sends all kernel messages to user joe:

kern.* joe

Executing a Program

You can execute a program for selected rsyslog messages. To specify a program to be executed, prefix it with a caret character (^). Specify a template that formats the received message and passes it to the specified executable as a one-line parameter. The following example processes all kernel messages with the template knl and passes them on to the knl-prog program:

kern.* ^knl-prog;knl

Write rsyslog Messages into a Database

You can use the database writer action to write selected rsyslog messages directly into a database table. The database writer uses the following syntax:

:PLUGIN:DB_HOST,DB_NAME,DB_USER,DB_PASSWORD;[TEMPLATE]

– The PLUGIN field specifies the plug-in that performs the database writing.
– rsyslog provides support for MySQL and PostgreSQL databases.
– MySQL integration requires the rsyslog-mysql software package.
– PostgreSQL requires the rsyslog-pgsql package.
– You also need to load the ommysql module for MySQL and the ompgsql module for PostgreSQL.

Discarding rsyslog Messages

Use the tilde character (~) to discard selected messages. The following rule discards any news messages:

news.* ~

You can specify multiple actions for a selector by specifying subsequent actions on a new line and preceding the actions with an ampersand character (&). Specify the selector on the first action line. The following is an example of a rule with multiple actions:

kern.* joe
& ^knl-prog;knl
& @192.0.2.101

In the preceding example, all kernel messages are:
– Sent to user joe
– Processed by the template knl and passed on to the knl-prog executable
– Forwarded to 192.0.2.101 by using the UDP protocol
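
When reviewing where a host's rules actually send, run or drop messages, the action forms described in this article can be parsed and classified. The following is an added example, not code from the original article: the function names and the sample rules are constructed for illustration, and the compression level is matched in rsyslog's parenthesized form, as in @@(z9)HOST:PORT.

```python
import re

# @ = UDP, @@ = TCP; optional (zN) zlib level; HOST; optional :PORT
FORWARD = re.compile(r'^(@{1,2})(?:\(z([1-9])\))?([^:\s]+)(?::(\d+))?$')

def classify_action(action):
    """Map one legacy-syntax action string to a (kind, details) pair."""
    if action == '~':
        return 'discard', {}
    if action.startswith('^'):                    # ^PROGRAM;TEMPLATE
        program, _, template = action[1:].partition(';')
        return 'exec', {'program': program, 'template': template or None}
    if action.startswith(':'):                    # :PLUGIN:HOST,DB,USER,PASSWORD;[TEMPLATE]
        plugin, _, rest = action[1:].partition(':')
        fields = rest.partition(';')[0].split(',')
        host, db, user = (fields + [''] * 3)[:3]  # password deliberately not kept
        return 'database', {'plugin': plugin, 'host': host, 'db': db, 'user': user}
    m = FORWARD.match(action)
    if m:
        proto, z, host, port = m.groups()
        return 'forward', {'proto': 'tcp' if proto == '@@' else 'udp', 'host': host,
                           'zlib': int(z) if z else None, 'port': int(port) if port else None}
    if action.startswith('/'):                    # log file, tty or /dev/console
        return 'file', {'path': action}
    return 'users', {'users': 'all' if action == '*' else action.split(',')}

def parse_rules(text):
    """Return (selector, kind, details) tuples; '&' lines reuse the previous selector."""
    selector, out = None, []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith(('#', '$')):
            continue                              # blank, comment or $directive
        if parts[0] != '&':
            selector = parts[0]
        out.append((selector, *classify_action(parts[1].strip())))
    return out

# Constructed sample, built from the rules shown in the article
SAMPLE = """\
cron.* /var/log/cron.log
*.* @@host02.example.com:18
news.* ~
kern.* joe
& ^knl-prog;knl
& @192.0.2.101"""

for rule in parse_rules(SAMPLE):
    print(*rule)
```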


Filed Under: Linux

© 2022 · The Geek Diary
