Templates modify and format output generated by rsyslog. They allow to specify any format a user might want. They are also used for dynamic file name generation. The following is the syntax to create a template:
$template TEMPLATE_NAME,"text %PROPERTY% text", [OPTION]
The fields are described as follows:
| Field | Purpose |
|---|---|
| $template | Directive that defines a template |
| TEMPLATE_NAME | Name of the template |
| “text” | Actual template text surrounded by quotation marks |
| %PROPERTY% | Specific message content surrounded by percent signs |
| OPTION | Specifies options that modify the template functionality |
Templates can be used to generate dynamic file names. Specify a property as a part of the file path to create a new file for each unique property. For example, use the timegenerated property to generate a unique file name for each rsyslog message:
$template DynamicFile,“/var/log/%timegenerated%-test.log”
Specify the template name in a rule to modify rsyslog output. Dynamic files are represented by a template and a question mark (?) prefix. Example:
*.* ?DynamicFile
Properties
You can use properties inside a template to reference specific contents of an rsyslog message. Use the following syntax to define a property inside a template:
%PROPERTY_NAME[:FROM_CHAR:TO_CHAR:OPTION]%
The fields are described as follows:
| Field | Purpose |
|---|---|
| PROPERTY_NAME | Name of a property |
| FROM_CHAR and TO_CHAR | Range of characters the specified property acts upon |
| OPTION | Property options |
A list of available properties and descriptions can be found at http://www.rsyslog.com/doc/property_replacer.html.
1. The following property represents the entire message text of an rsyslog message:
%msg%
2. The following example represents the first two characters of the message text:
%msg:1:2%
3. The following property represents the host name in an rsyslog message:
%hostname%
4. The following property represents the facility from the message in text form:
%syslogfacility-text%
Template: Example
The following example defines a template named class that formats an rsyslog message to output the message’s time stamp, facility in text form, priority in text form, host name, and message text, and ends with a new line:
$template class, "Time: %timestamp%, Facility: %syslogfacilitytext%, Priority: %syslogpriority-text%, Hostname: %hostname%, Message: %msg%\n"
To use the template for /var/log/logfile messages, include the template name as follows:
*.* /var/log/logfile;class
Understanding rsyslog Actions
Understanding rsyslog Filter Options