The Geek Diary

HowTos | Basics | Concepts

Understanding rsyslog Templates

By

Templates modify and format output generated by rsyslog. They allow to specify any format a user might want. They are also used for dynamic file name generation. The following is the syntax to create a template:

$template TEMPLATE_NAME,"text %PROPERTY% text", [OPTION]

The fields are described as follows:

Field Purpose
$template Directive that defines a template
TEMPLATE_NAME Name of the template
“text” Actual template text surrounded by quotation marks
%PROPERTY% Specific message content surrounded by percent signs
OPTION Specifies options that modify the template functionality

Templates can be used to generate dynamic file names. Specify a property as a part of the file path to create a new file for each unique property. For example, use the timegenerated property to generate a unique file name for each rsyslog message:

$template DynamicFile,“/var/log/%timegenerated%-test.log”

Specify the template name in a rule to modify rsyslog output. Dynamic files are represented by a template and a question mark (?) prefix. Example:

*.* ?DynamicFile

Properties

You can use properties inside a template to reference specific contents of an rsyslog message. Use the following syntax to define a property inside a template:

%PROPERTY_NAME[:FROM_CHAR:TO_CHAR:OPTION]%

The fields are described as follows:

Field Purpose
PROPERTY_NAME Name of a property
FROM_CHAR and TO_CHAR Range of characters the specified property acts upon
OPTION Property options

A list of available properties and descriptions can be found at http://www.rsyslog.com/doc/property_replacer.html.

1. The following property represents the entire message text of an rsyslog message:

%msg%

2. The following example represents the first two characters of the message text:

%msg:1:2%

3. The following property represents the host name in an rsyslog message:

%hostname%

4. The following property represents the facility from the message in text form:

%syslogfacility-text%

Template: Example

The following example defines a template named class that formats an rsyslog message to output the message’s time stamp, facility in text form, priority in text form, host name, and message text, and ends with a new line:

$template class, "Time: %timestamp%, Facility: %syslogfacilitytext%, Priority: %syslogpriority-text%, Hostname: %hostname%,
Message: %msg%\n"

To use the template for /var/log/logfile messages, include the template name as follows:

*.* /var/log/logfile;class
CentOS / RedHat : Beginners guide to log file administration
Understanding rsyslog Actions
Understanding rsyslog Filter Options

You May Also Like