From bc7d4087b2299bf7ee627e314c46ccaa0169b673 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 28 Mar 2008 11:18:42 +0000 Subject: added build-in templates --- ChangeLog | 1 + doc/rsyslog_conf.html | 23 +++++++++++++++++++++-- doc/v3compatibility.html | 17 +++++++++-------- syslogd.c | 8 ++++---- 4 files changed, 35 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6214165d..9c9f4fb0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,7 @@ Version 3.12.5 (rgerhards), 2008-03-?? syslog messages - added new $ActionForwardDefaultTemplate directive - added new $ActionGSSForwardDefaultTemplate directive +- added build-in templates for easier configuration --------------------------------------------------------------------------- Version 3.12.4 (rgerhards), 2008-03-25 - Greatly enhanced rsyslogd's file write performance by disabling diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 80c87233..5931a241 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -293,7 +293,7 @@ $template TraditionalFormat,%timegenerated% %HOSTNAME%
Properties can be accessed by the property replacer (see there for details).

-

Please note that as of 1.15.0, templates can also by +

Please note that templates can also by used to generate selector lines with dynamic file names. For example, if you would like to split syslog messages from different hosts to different files (one per host), you can define the following @@ -302,7 +302,26 @@ template:

DynFile,"/var/log/system-%HOSTNAME%.log"

This template can then be used when defining an output selector line. It will result in something like -"/var/log/system-localhost.log"

+"/var/log/system-localhost.log"

Template +names beginning with "RSYSLOG_" are reserved for rsyslog use. Do NOT +use them if, otherwise you may receive a conflict in the future (and +quite unpredictable behaviour). There is a small set of pre-defined +templates that you can use without the need to define it:

Output Channels

Output Channels are a new concept first introduced in rsyslog 0.9.0. As of this writing, it is most likely that they will diff --git a/doc/v3compatibility.html b/doc/v3compatibility.html index 74319c38..033426cd 100644 --- a/doc/v3compatibility.html +++ b/doc/v3compatibility.html @@ -170,16 +170,17 @@ However, that would have broken almost all receivers, including earlier versions of rsyslog. To avoid this hassle, high-precision timestamps need to be explicitely enabled. To make this as painless as possible, rsyslog comes with a canned template that contains everything -necessary.  To enable high-precision timestamps, just use:

$ActionForwardDefaultTemplate RSYSLOG_ForwardFileFormat # for plain TCP and UDP

$ActionGSSForwardDefaultTemplate RSYSLOG_ForwardFileFormat # for GSS-API

And, of course, you can always set different forwarding formats by just specifying the right template.

If +necessary.  To enable high-precision timestamps, just use:

$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat # for plain TCP and UDP

$ActionGSSForwardDefaultTemplate RSYSLOG_ForwardFormat # for GSS-API

And, of course, you can always set different forwarding formats by just specifying the right template.

If you are running in a system with only rsyslog 3.12.5 and above in the receiver roles, it is suggested to add one (or both) of the above -statements to the top of your rsyslog.conf - that will enable you to -use the best in timestamp support availble. Please note that when you -use this format with other receivers, they will probably become pretty -confused and not detect the timestamp at all. In earlier rsyslog -versions, for example, that leads to duplication of timestamp and -hostname fields and disables the detection of the orignal hostname in a -relayed/NATed environment. So use the new format with care.

Queue Modes for the Main Message Queue

+statements to the top of your rsyslog.conf (but after the $ModLoad's!) +- that will enable you to use the best in timestamp support availble. +Please note that when you use this format with other receivers, they +will probably become pretty confused and not detect the timestamp at +all. In earlier rsyslog versions, for example, that leads to +duplication of timestamp and hostname fields and disables the detection +of the orignal hostname in a relayed/NATed environment. So use the new +format with care.

Queue Modes for the Main Message Queue

Either "FixedArray" or "LinkedList" is recommended. "Direct" is available, but should not be used except for a very good reason ("Direct" disables queueing and will potentially lead to message loss diff --git a/syslogd.c b/syslogd.c index 6178a4e4..20f9882e 100644 --- a/syslogd.c +++ b/syslogd.c @@ -417,6 +417,7 @@ int option_DisallowWarning = 1; /* complain if message from disallowed sender is /* hardcoded standard templates (used for defaults) */ +static uchar template_SyslogProtocol23Format[] = "\"<%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n\""; static uchar template_TraditionalFileFormat[] = "\"%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n\""; static uchar template_FileFormat[] = "\"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n\""; static uchar template_WallFmt[] = "\"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r\""; @@ -2812,10 +2813,9 @@ static void mainThread() * is that we need to interrupt the select() system call. -- rgerhards, 2007-10-17 */ - /* initialize the default templates - * we use template names with a SP in front - these - * can NOT be generated via the configuration file - */ + /* initialize the build-in templates */ + pTmp = template_SyslogProtocol23Format; + tplAddLine("RSYSLOG_SyslogProtocol23Format", &pTmp); pTmp = template_FileFormat; /* new format for files with high-precision stamp */ tplAddLine("RSYSLOG_FileFormat", &pTmp); pTmp = template_TraditionalFileFormat; -- cgit