Read an environment variable (or environment file) from an rsyslog config

I'm building AMIs here for my organization which include default configuration to send all of our logs to Loggly from rsyslogd. It works pretty well, but I'd like to be able to customize the configuration from a cloud-init script to provide custom logging tags on a per-instance basis. I'd like to do something like this in cloud-init:

#cloud-config
write_files:
    - path: /etc/sysconfig/rsyslog-loggly
      content: |
          LOGGLY_TAGS=staging,search,solr,staging-search-solr

And then read the environment variable/file into the rsyslog config:

$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [---TOKEN--- tag=\"$LOGGLY_TAGS\"] %msg%"

Is there a way to source an environment file or read an environment variable in an rsyslog config? I could always augment the SystemD unit for rsyslog to include an environment file, provided that I could read it.

What I'd like to avoid is doing something like this:

[Service]
...
ExecStartPre=/usr/local/sbin/rewrite-loggly-conf.py

and rewriting the config on every boot with some Python script.

Is there a way in rsyslog to do what I'm looking to accomplish?

An example: env SOMEPATH is set to “/var/log/custompath” config is: param=echo $SOMEPATH/myfile param than is expanded to “/var/log/custompath/myfile” Note, however, that some common bash features are not supported. Most importantly, ${VAR} does not work. Also, environment variables

Best Answer

Yes, you can include environment variables similarly to shell scripting by using backticks. This works since rsyslog 8.33.0

From String Constants in the rsyslog documentation:

backticks

This was added in 8.33.0. The idea is to provide a useful subset of what the shell does. Right now, only the following is supported:
echo $VARNAME - It will evaluate the environment variable and use it as string constant. If the variable is not found, an empty string
is generated (this is not an error).
Starting with 8.37.0, the echo case has been enhanced. It is now more along the lines of what bash does. It supports multiple
environment variable expansions as well as constant text between them.
An example:
    env SOMEPATH is set to “/var/log/custompath”
    config is: param=echo $SOMEPATH/myfile
    param than is expanded to “/var/log/custompath/myfile”

Note, however, that some common bash features are not supported. Most importantly, ${VAR} does not work. Also, environment variables
are only terminated by whitespace or /. Neither are things like $(pwd) supported. The idea of this parameter is not to provide a full-blown bash-equivalent, but provide some functionality that is usually considered useful for customizing rsyslog configuration with outside data. That said, we are still interested in extending the coverage if clear need and reasoning is provided.
cat filename - It will evaluate to the content of the given file. Only a single file name is supported. If the file is not readable, it
will evaluate to an empty string.

Any other construct will currently lead to an error message. Note that there must be exactly one space between “echo” or “cat” and the other parameter.

Backticks are especially useful for configuration files that are auto-generated but need to contain a small set of special functionality.

For an example of this in action, have a look at the rsyslog docker appliance available at https://github.com/rsyslog/rsyslog-docker/tree/master/appliance/alpine.

Best Answer

Related Solutions

What’s causing rsyslog to log $msg**INVALID PROPERTY NAME** instead of the message contents from sonicwall devices

Rsyslog with variable input file name

Related Topic

What’s causing rsyslog to log $msgINVALID PROPERTY NAME instead of the message contents from sonicwall devices