On 2007-09-06, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
>
> http://rgerhards.blogspot.com/2007/09/rsyslog-config-again.html
>
> I would deeply appreciate any feedback on the samples and format
> suggestions.
/me thinks you're getting way too little feedback on the blog,
or this list. Unfortunately I don't have much more than simple
preference to contribute here..
XML-based format:
Yikes, you'll need an additional human readable frontend
format that's converted to XML for it to be usable. You
can't expect us poor sysadmins to be editing XML
directly to configure rsyslogd..
syslog-ng like:
Fair enough.. It works for my usage.
Metalog like:
No experience..
Apache like:
Not sure I understand this.. Seems like a mix of option/value
and xml'ish for some functionality.
Programming like..:
Of the samples in the wiki, I most prefer the BASIC-like. It
resembles python to me, and also "mon"'s config format. Very
readable.
http://mon.wiki.kernel.org/index.php/Mon_Manual
The c-like with functions seems too complex:
if1:
{
    if(%severity < "debug" && lower(substr(%msg, 5, 3)) != "err")
}
action1()
{
    action(type=filewrite, file="/var/log/mail.log")
}
rule1()
{
    if1()
    action1()
    action(type=filewrite, file="/var/log/messages.log")
}
rule(if1,action1)
ruleset(rule1, rule(if1, action(type=filewrite, file="/var/log/messages.log")))
rule(action1(),input="$all")
input(type=udp, bind="127.0.0.1")
I can't parse this.. Does rule1() break out if if1() is false?
Then I guess writes to /var/log/messages.log won't happen if
action1 for some reason failed? Contrast it to mon's config
translated to syslogging:
# Define some groups of servers:
hostgroup mailservers server1 server2 server3
hostgroup webservers server4 server5

watch mailservers
    severity > debug
        SUBMSG = lower(substr(%msg, 5, 3))
        SUBMSG != "err"
            logwrite /var/log/mail.log
            logwrite /var/log/messages.log
        SUBMSG == "err"
            logwrite /var/log/err.log

watch webservers
    programname == httpd
        severity == crit
            cmd wall "httpd critical: $msg"
            logwrite /var/log/crit.log
        severity < crit
            logwrite /var/log/httpd.log
Each indentation level means it depends on the previous
statement being true. You might need to be drinking the python
Kool-Aid to see the beauty :-)
-jf
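The indentation-based config sketched in the message above, worked through as an added example that is not part of the original post and not rsyslog's own code: a small Python parser and evaluator that reads the mon-style rules, treats each indented line as depending on its parent line being true, and reports which actions would fire for a given message. The message field names (host, severity, programname, msg), the severity ordering (higher means more severe, the reverse of the numeric syslog codes), a 0-based substr(), and the sample messages in the test are all assumptions made here.

```python
"""Parser and evaluator for the mon-style, indentation-based rule config
sketched in the mail above (added example code, not rsyslog's own)."""
import re

# Assumed ordering, higher = more severe (the reverse of the numeric syslog codes).
SEVERITY_RANK = {"debug": 0, "info": 1, "notice": 2, "warning": 3,
                 "err": 4, "crit": 5, "alert": 6, "emerg": 7}
ASSIGN_RE = re.compile(r"^([A-Za-z_]\w*)\s*=(?!=)\s*(.+)$")
COND_RE = re.compile(r"^(\S+)\s*(==|!=|<|>)\s*(.+)$")
CONFIG = """\
# Define some groups of servers:
hostgroup mailservers server1 server2 server3
hostgroup webservers server4 server5
watch mailservers
    severity > debug
        SUBMSG = lower(substr(%msg, 5, 3))
        SUBMSG != "err"
            logwrite /var/log/mail.log
            logwrite /var/log/messages.log
        SUBMSG == "err"
            logwrite /var/log/err.log
watch webservers
    programname == httpd
        severity == crit
            cmd wall "httpd critical: $msg"
            logwrite /var/log/crit.log
        severity < crit
            logwrite /var/log/httpd.log
"""

def parse(text):
    """Return (hostgroups, tree); a tree node is (line, children)."""
    hostgroups, root = {}, []
    stack = [(-1, root)]                  # (indent, children) of the open nodes
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent, line = len(raw) - len(raw.lstrip()), raw.strip()
        if line.startswith("hostgroup "):
            _, name, *hosts = line.split()
            hostgroups[name] = set(hosts)
            continue
        while stack[-1][0] >= indent:     # dedent: back up to the parent level
            stack.pop()
        node = (line, [])
        stack[-1][1].append(node)
        stack.append((indent, node[1]))
    return hostgroups, root

def _value(expr, msg, variables):
    """Resolve a "literal", %field, variable, bare field, lower() or substr()."""
    expr = expr.strip()
    if expr.startswith('"') and expr.endswith('"'):
        return expr[1:-1]
    m = re.fullmatch(r"lower\((.*)\)", expr)
    if m:
        return _value(m.group(1), msg, variables).lower()
    m = re.fullmatch(r"substr\(([^,]+),\s*(\d+),\s*(\d+)\)", expr)
    if m:                                 # assumed: 0-based start, then length
        start, length = int(m.group(2)), int(m.group(3))
        return _value(m.group(1), msg, variables)[start:start + length]
    if expr.startswith("%"):
        return msg[expr[1:]]
    return variables.get(expr, msg.get(expr, expr))  # variable, field or literal

def _test(line, msg, variables):
    """Evaluate one condition line; an assignment is always true."""
    m = ASSIGN_RE.match(line)
    if m:
        variables[m.group(1)] = _value(m.group(2), msg, variables)
        return True
    m = COND_RE.match(line)
    if not m:
        raise ValueError("cannot parse rule line: " + line)
    lhs, op, rhs = m.groups()
    left, right = _value(lhs, msg, variables), _value(rhs, msg, variables)
    if lhs == "severity":                 # severities compare by rank, not text
        left, right = SEVERITY_RANK[left], SEVERITY_RANK[right]
    return {"==": left == right, "!=": left != right,
            "<": left < right, ">": left > right}[op]

def evaluate(hostgroups, tree, msg):
    """Walk the tree depth-first and collect the actions that fire for msg."""
    actions, variables = [], {}
    def walk(nodes):
        for line, children in nodes:
            kind, _, rest = line.partition(" ")
            if kind == "watch":
                ok = msg["host"] in hostgroups.get(rest, set())
            elif kind in ("logwrite", "cmd"):
                # cmd is only recorded: never hand $msg to a shell unescaped,
                # since the message text is under the sender's control.
                text = rest.replace("$msg", msg["msg"]) if kind == "cmd" else rest
                actions.append((kind, text))
                ok = True                 # an action never stops evaluation
            else:
                ok = _test(line, msg, variables)
            if ok:                        # children depend on this line being true
                walk(children)
    walk(tree)
    return actions
```

Feeding a message such as host server1, severity err, msg "qmgr ERR: queue is full" through evaluate(*parse(CONFIG), msg) yields only the /var/log/err.log write, because SUBMSG resolves to "err" and the sibling branch is skipped; a debug message from the same host produces no actions at all since nothing under "severity > debug" is visited. This is the "each indentation depends on the previous statement" rule made concrete, and it also shows the one thing to watch in such a format: any cmd line interpolates attacker-influenced message text, so a real implementation has to treat it as data, not as a shell command.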