I need to take several actions for some log messages. For example I want to log them to different files according to severity.
Everything is ok if I use this:
if $programname == 'myprog' then -/var/log/myprog.log
if $programname == 'myprog' and $syslogseverity-text >= 'warning' then -/var/log/myprog-alert.log
if $programname == 'myprog' ~
This log every messages emitted by 'myprog' to /var/log/myprog.log
This log only warning and error message emitted by 'myprog' to -/var/log/myprog-alert.log
And the processing is then stopped (thanks to '~')
.
I's like to have something sexier:
if $programname == 'myprog' then {
*.* -/var/log/myprog.log
*.warning -/var/log/myprog-alert.log
~
}
But this later construction, albeit accepted by rsyslog, do not filter against programname.
For example every messages are written to /var/log/myprog.log even when originating from whatever process.
.
Anyone can explain where is my mistake or misunderstanding ?
.
Final method, from answers below:
use a "modern" rsyslogd. Version > 7.x.y
use this syntax:
if $programname == 'myprog' then {
*.warning -/var/log/myprog-alert.log
*.* -/var/log/myprog.log
*.* stop
}
or this one:
if $programname == 'myprog' then {
*.warning -/var/log/myprog-alert.log
-/var/log/myprog.log
stop
}
Best Answer
Your line containing only '~' is wrong. It should be "*.* ~".
I know you mostly use Debian stable. Your rsyslog version is 5.x.y and doesn't accept RanierScript.
You can update to the backports version (7.6.3 currently), then your second example should work.