From 43d9709847de6d286825ed8eb4db3ac702d8ab00 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Thankfully, rsyslog provides message properties for the priority. These are called "PRI", "syslogfacility" and "syslogpriority" (case is important!). They are numerical -values. Starting with rsyslog 1.13.4, there is also a property "PRI-text", which +values. Starting with rsyslog 1.13.4, there is also a property "pri-text", which contains the priority in friendly text format (e.g. "syslog.info"). For the rest of this article, I assume that you run version 1.13.4 or higher.
Recording the priority is now a simple matter of adding the respective field to the template. It now looks like this:
-$template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
+$template TraditionalFormatWithPRI,"%pri-text%: %timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
Now we have the right template - but how to write it to a file? You probably have a line like this in your syslog.conf:
@@ -83,29 +83,29 @@ A little bit of configuration is required.Below is some sample data created with the template specified above. Note the priority recording at the start of each line.
-kern.info<6>: Jun 15 18:10:38 host kernel: PCI: Sharing IRQ 11 with 00:04.0
-kern.info<6>: Jun 15 18:10:38 host kernel: PCI: Sharing IRQ 11 with 01:00.0
-kern.warn<4>: Jun 15 18:10:38 host kernel: Yenta IRQ list 06b8, PCI irq11
-kern.warn<4>: Jun 15 18:10:38 host kernel: Socket status: 30000006
-kern.warn<4>: Jun 15 18:10:38 host kernel: Yenta IRQ list 06b8, PCI irq11
-kern.warn<4>: Jun 15 18:10:38 host kernel: Socket status: 30000010
-kern.info<6>: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0c00-0x0cff: clean.
-kern.info<6>: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x100-0x107 0x378-0x37f 0x4d0-0x4d7
-kern.info<6>: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0a00-0x0aff: clean.
-local7.notice<189>: Jun 15 18:17:24 host dd: 1+0 records out
-local7.notice<189>: Jun 15 18:17:24 host random: Saving random seed: succeeded
-local7.notice<189>: Jun 15 18:17:25 host portmap: portmap shutdown succeeded
-local7.notice<189>: Jun 15 18:17:25 host network: Shutting down interface eth1: succeeded
-local7.notice<189>: Jun 15 18:17:25 host network: Shutting down loopback interface: succeeded
-local7.notice<189>: Jun 15 18:17:25 host pcmcia: Shutting down PCMCIA services: cardmgr
-user.notice<13>: Jun 15 18:17:25 host /etc/hotplug/net.agent: NET unregister event not supported
-local7.notice<189>: Jun 15 18:17:27 host pcmcia: modules.
-local7.notice<189>: Jun 15 18:17:29 host rc: Stopping pcmcia: succeeded
-local7.notice<189>: Jun 15 18:17:30 host rc: Starting killall: succeeded
-syslog.info<46>: Jun 15 18:17:33 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2464"] exiting on signal 15.
-syslog.info<46>: Jun 18 10:55:47 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2367"][x-configInfo udpReception="Yes" udpPort="514" tcpReception="Yes" tcpPort="1470"] restart
-user.notice<13>: Jun 18 10:55:50 host rger: test
-syslog.info<46>: Jun 18 10:55:52 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2367"] exiting on signal 2.
kern.info: Jun 15 18:10:38 host kernel: PCI: Sharing IRQ 11 with 00:04.0
+kern.info: Jun 15 18:10:38 host kernel: PCI: Sharing IRQ 11 with 01:00.0
+kern.warn: Jun 15 18:10:38 host kernel: Yenta IRQ list 06b8, PCI irq11
+kern.warn: Jun 15 18:10:38 host kernel: Socket status: 30000006
+kern.warn: Jun 15 18:10:38 host kernel: Yenta IRQ list 06b8, PCI irq11
+kern.warn: Jun 15 18:10:38 host kernel: Socket status: 30000010
+kern.info: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0c00-0x0cff: clean.
+kern.info: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x100-0x107 0x378-0x37f 0x4d0-0x4d7
+kern.info: Jun 15 18:10:38 host kernel: cs: IO port probe 0x0a00-0x0aff: clean.
+local7.notice: Jun 15 18:17:24 host dd: 1+0 records out
+local7.notice: Jun 15 18:17:24 host random: Saving random seed: succeeded
+local7.notice: Jun 15 18:17:25 host portmap: portmap shutdown succeeded
+local7.notice: Jun 15 18:17:25 host network: Shutting down interface eth1: succeeded
+local7.notice: Jun 15 18:17:25 host network: Shutting down loopback interface: succeeded
+local7.notice: Jun 15 18:17:25 host pcmcia: Shutting down PCMCIA services: cardmgr
+user.notice: Jun 15 18:17:25 host /etc/hotplug/net.agent: NET unregister event not supported
+local7.notice: Jun 15 18:17:27 host pcmcia: modules.
+local7.notice: Jun 15 18:17:29 host rc: Stopping pcmcia: succeeded
+local7.notice: Jun 15 18:17:30 host rc: Starting killall: succeeded
+syslog.info: Jun 15 18:17:33 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2464"] exiting on signal 15.
+syslog.info: Jun 18 10:55:47 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2367"][x-configInfo udpReception="Yes" udpPort="514" tcpReception="Yes" tcpPort="1470"] restart
+user.notice: Jun 18 10:55:50 host rger: test
+syslog.info: Jun 18 10:55:52 host [origin software="rsyslogd" swVersion="1.13.3" x-pid="2367"] exiting on signal 2.
I would appreciate feedback on this paper. If you have additional ideas, comments or find bugs, please diff --git a/doc/v6compatibility.html b/doc/v6compatibility.html new file mode 100644 index 00000000..3ed5b77d --- /dev/null +++ b/doc/v6compatibility.html @@ -0,0 +1,43 @@ + +
+This document describes things to keep in mind when moving from v5 to v6. It +does not list enhancements nor does it talk about compatibility concerns introduced +by earlier versions (for this, see their respective compatibility documents). +
+Version 6 offers a better config language and some other improvements. +As the config system has many ties into the rsyslog engine AND all plugins, +the changes are somewhat intrusive. Note, however, that core processing has +not been changed much in v6 and will not. So once the configuration is loaded, +the stability of v6 is quite comparable to v5. +
+Traditionally, this property did not only return the textual form +of the pri ("local0.err"), but also appended the numerical value to it +("local0.err<133>"). This sounds odd and was left unnoticed for some years. +In October 2011, this odd behaviour was brought up on the rsyslog mailing list +by Gregory K. Ruiz-Ade. Code review showed that the behaviour was intentional, +but no trace of what the intention was when it was introduced could be found. +The documentation was also unclear, it said no numerical value was present, +but the samples had it. We agreed that the additional numerical value is +of disadvantage. We also guessed that this property is very rarely being used, +otherwise the problem should have been raised much earlier. However, we +didn't want to change behaviour in older builds. So v6 was set to clean up +the situation. In v6, text-pri will always return the textual part only +("local0.err") and the numerical value will not be contained any longer inside +the string. If you actually need that value, it can fairly easily be added +via the template system. +
If you have used this property previously and relied on the numerical +part, you need to update your rsyslog configuration files. +
The plugin interface has considerably been changed to support the new +config language. All plugins need to be upgraded. This usually does not require +much coding. However, if the new config language shall be supported, more +changes must be made to plugin code. All project-supported plugins have been +upgraded, so this compatibility issue is only of interest for you if you have +custom plugins or use some user-contributed plugins from the rsyslog project +that are not maintained by the project itself (omoracle is an example). + -- cgit