rsyslog.conf configuration file

This document is currently being enhanced. Please pardon its current appearance.

Rsyslogd is configured via the rsyslog.conf file, typically found in /etc. By default, rsyslogd reads the file /etc/rsyslog.conf. This may be changed by a command line option.

Configuration file examples can be found in the rsyslog wiki.

There is also one sample file provided together with the documentation set. If you do not like to read, be sure to have at least a quick look at rsyslog-example.conf.

While rsyslogd contains enhancements over standard syslogd, efforts have been made to keep the configuration file as compatible as possible. While, for obvious reasons, enhanced features require a different config file syntax, rsyslogd should be able to work with a standard syslog.conf file. This is especially useful while you are migrating from syslogd to rsyslogd.

Modules

Lines

Lines can be continued by specifying a backslash ("\") as the last character of the line. There is a hard-coded maximum line length of 4K. If you need lines larger than that, you need to change compile-time settings inside rsyslog and recompile.

Configuration Directives

Basic Structure

Rsyslog supports standard sysklogd's configuration file format and extends it. So in general, you can take a "normal" syslog.conf and use it together with rsyslogd. It will understand everything. However, to use most of rsyslogd's unique features, you need to add extended configuration directives.

Rsyslogd supports the classical, selector-based rule lines. They are still at the heart of it and all actions are initiated via rule lines. A rule lines is any line not starting with a $ or the comment sign (#). Lines starting with $ carry rsyslog-specific directives.

Every rule line consists of two fields, a selector field and an action field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action.

Lines starting with a hash mark ("#'') and empty lines are ignored.

Templates

Output Channels

Filter Conditions

Actions

Examples

Here you will find examples for templates and selector lines. I hope they are self-explanatory. If not, please see www.monitorware.com/rsyslog/ for advise.

Configuration File Syntax Differences

Rsyslogd uses a slightly different syntax for its configuration file than the original BSD sources. Originally all messages of a specific priority and above were forwarded to the log file. The modifiers "='', "!'' and "!-'' were added to make rsyslogd more flexible and to use it in a more intuitive manner.

The original BSD syslogd doesn't understand spaces as separators between the selector and the action field.

When compared to syslogd from sysklogd package, rsyslogd offers additional features (like template and database support). For obvious reasons, the syntax for defining such features is available in rsyslogd, only.

[back to top] [manual index] [rsyslog site]

This documentation is part of the rsyslog project.
Copyright © 2008,2009 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 3 or higher.

>