{"id":20811307,"url":"https://github.com/express42/rsyslog","last_synced_at":"2025-03-12T04:43:32.096Z","repository":{"id":66323626,"uuid":"11944070","full_name":"express42/rsyslog","owner":"express42","description":"Express 42 rsyslog cookbook","archived":false,"fork":false,"pushed_at":"2017-04-10T10:15:49.000Z","size":43,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-01-18T14:46:34.560Z","etag":null,"topics":["chef","cookbooks","logging"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/express42.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-08-07T07:28:22.000Z","updated_at":"2018-11-02T21:27:19.000Z","dependencies_parsed_at":"2023-02-25T08:15:09.029Z","dependency_job_id":null,"html_url":"https://github.com/express42/rsyslog","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/express42%2Frsyslog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/express42%2Frsyslog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/express42%2Frsyslog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/express42%2Frsyslog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/express42","download_url":"https://codeload.github.com/express42/rsyslog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243158972,"owners_count":20245669,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","cookbooks","logging"],"created_at":"2024-11-17T20:40:03.068Z","updated_at":"2025-03-12T04:43:32.071Z","avatar_url":"https://github.com/express42.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Description\n\nInstalls and configures rsyslog v7 and v8. Provides LWRP for creating rules.\n\n# Requirements\n\nRsyslog native package or latest rsyslog stable package from official repository.\n\n## Platform:\n\n* Ubuntu 12.04\n* Ubuntu 14.04\n* Ubuntu 16.04\n\n# Attributes\n\n* `node['rsyslog']['version']` - Major Rsyslog version. Defaults to `7`\n* `node['rsyslog']['modules']['default_modules']` -  Defaults to `\"%w(imuxsock imklog)\"`.\n* `node['rsyslog']['modules']['extra_modules']` -  Defaults to `\"[ ... ]\"`.\n* `node['rsyslog']['preservefqdn']` -  Defaults to `\"off\"`.\n* `node['rsyslog']['global']['ActionFileDefaultTemplate']` -  Defaults to `\"RSYSLOG_TraditionalFileFormat\"`.\n* `node['rsyslog']['global']['RepeatedMsgReduction']` -  Defaults to `\"on\"`.\n* `node['rsyslog']['global']['FileOwner']` -  Defaults to `\"syslog\"`.\n* `node['rsyslog']['global']['FileGroup']` -  Defaults to `\"adm\"`.\n* `node['rsyslog']['global']['FileCreateMode']` -  Defaults to `\"0640\"`.\n* `node['rsyslog']['global']['DirCreateMode']` -  Defaults to `\"0755\"`.\n* `node['rsyslog']['global']['Umask']` -  Defaults to `\"0022\"`.\n* `node['rsyslog']['global']['PrivDropToUser']` -  Defaults to `\"syslog\"`.\n* `node['rsyslog']['global']['PrivDropToGroup']` -  Defaults to `\"syslog\"`.\n* `node['rsyslog']['global']['WorkDirectory']` -  Defaults to `\"/var/spool/rsyslog\"`.\n* `node['rsyslog']['rules']['postfix']['selector']` -  Defaults to `\"mail.*\"`.\n* `node['rsyslog']['rules']['postfix']['action']` -  Defaults to `\"/var/spool/rsyslog\"`.\n\n# Recipes\n\n* rsyslog::default - Installs and configures rsyslog.\n* rsyslog::apt_official_repo - Configures rsyslog official repository.\n\n# Resources\n* [rsyslog_rule](#rsyslog_rule)\n* [rsyslog_rule_input](#rsyslog_rule_input)\n* [rsyslog_template](#rsyslog_template)\n\n# LWRP\n\n## `rule`\nCreate loging rules for rsyslog\n### Parameters\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth\u003eParameter\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eExample\u003c/th\u003e\n\u003cth\u003eRequired?\u003c/th\u003e\n\u003cth\u003eDefault\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eselector\u003c/td\u003e\n\u003ctd\u003eFacilities and priorities from log selectors separated by period(.)\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"\"auth,authpriv.*\"\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003elog_action\u003c/td\u003e\n\u003ctd\u003eWhere to sent filtered records\u003c/td\u003e\n\u003ctd\u003e\"/var/log/mydaemon.log\"\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003epriority\u003c/td\u003e\n\u003ctd\u003ePriority loading for generated conf file\u003c/td\u003e\n\u003ctd\u003e15\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003e20\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### `rule_input`\nCreate rules for getting arbitrary log files into rsyslg\n### Parameters\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth\u003eParameter\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eExample\u003c/th\u003e\n\u003cth\u003eRequired?\u003c/th\u003e\n\u003cth\u003eDefault\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eprioriy\u003c/td\u003e\n\u003ctd\u003ePriority loading for generated conf file\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e15\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003e20\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003efilename\u003c/td\u003e\n\u003ctd\u003eLogfile source from which we polling records\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"/home/myapp/current/log/production.log\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eseverity\u003c/td\u003e\n\u003ctd\u003eSeverity level\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"Error\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eN\u003c/td\u003e\n\u003ctd\u003eInfo\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003efacility\u003c/td\u003e\n\u003ctd\u003eGroup logs by facility\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"security\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eN\u003c/td\u003e\n\u003ctd\u003edaemon\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003epersist_interval\u003c/td\u003e\n\u003ctd\u003eInterval for polling in ms\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"30000\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eN\u003c/td\u003e\n\u003ctd\u003e1000\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### `template`\nCreate template to specify the log format \n### Parameters\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth\u003eParameter\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eExample\u003c/th\u003e\n\u003cth\u003eRequired?\u003c/th\u003e\n\u003cth\u003eDefault\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003etype\u003c/td\u003e\n\u003ctd\u003eType of template, list or string is available.\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'list'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003estatement\u003c/td\u003e\n\u003ctd\u003estatement defined to created template\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e\"/var/log/system-%HOSTNAME%.log\"\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### `action`\nCreate action to send logs using output modules\n### Parameters\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth\u003eParameter\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eExample\u003c/th\u003e\n\u003cth\u003eRequired?\u003c/th\u003e\n\u003cth\u003eDefault\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003etype\u003c/td\u003e\n\u003ctd\u003eType of action.\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'omfwd'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003erule\u003c/td\u003e\n\u003ctd\u003eRule for used action\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'target=\"graylog.example.org\" port=\"12201\" protocol=\"udp\" template=\"gelf\"'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003epriority\u003c/td\u003e\n\u003ctd\u003ePriority for created action configuration file\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e30\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eN\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### `propery_based_filter`\nCreate filter using property based filter instead BSD style with facility and severity\n### Parameters\n\u003ctable\u003e\n\u003ctr\u003e\n\u003cth\u003eParameter\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eExample\u003c/th\u003e\n\u003cth\u003eRequired?\u003c/th\u003e\n\u003cth\u003eDefault\u003c/th\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eproperty\u003c/td\u003e\n\u003ctd\u003eRsyslog property, see list of all properties on official documentation site. http://www.rsyslog.com/doc/v8-stable/configuration/properties.html\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e':fromhost'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eoperator\u003c/td\u003e\n\u003ctd\u003ecompare-operations or regex\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'contains'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eY\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003ematch_string\u003c/td\u003e\n\u003ctd\u003eMatched string in used operator\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'firewall: IN='\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eЕ\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\u003ctr\u003e\n\u003ctd\u003elog_file\u003c/td\u003e\n\u003ctd\u003eResulted log file\u003c/td\u003e\n\u003ctd\u003e\u003ctt\u003e'/var/log/firewall'\u003c/tt\u003e\u003c/td\u003e\n\u003ctd\u003eЕ\u003c/td\u003e\n\u003ctd\u003enil\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n# Usage\n\n* Include `recipe[rsyslog]` in node runlist\n* Include `recipe[rsyslog::apt_official_repo]` if you need install fresh versions from official repository\n\n## Using rsyslog_rule\nIf you want to log all message from mail facility:\n\n```\nrsyslog_rule 'random-mail-service' do\n  priority 15\n  selector 'mail.*'\n  log_action '-/var/log/mail.log'\nend\n```\n\nOr if you want to send all messages to remote server:\n\n```\nrsyslog_rule 'udp-remote' do\n  selector '*.*'\n  log_action '@logs.example.com:514'\nend\n```\n\n## Using rsyslog_rule_input\nBefore using input rule you need to specify `imfile` module in `extra_modules` attribute.\n\n```\nrsyslog_rule_input \"unicorn-rails\" do\n  priority 15\n  filename \"/home/rocketbank/rocketbank/current/log/production.log\"\n  severity \"error\"\nend\n```\n\n## Using template\nCreate template for GELF ouput using in rules (need lots of escaping currently)\n\n```\nrsyslog_template 'gelf' do\n  type 'list'\n  statement 'constant(value=\"{\\\"version\\\":\\\"1.1\\\",\")\n  constant(value=\"\\\"host\\\":\\\"\")\n  property(name=\"hostname\")\n  constant(value=\"\\\",\\\"short_message\\\":\\\"\")\n  property(name=\"msg\" format=\"json\")\n  constant(value=\"\\\",\\\"timestamp\\\":\\\"\")\n  property(name=\"timegenerated\" dateformat=\"unixtimestamp\")\n  constant(value=\"\\\",\\\"level\\\":\\\"\")\n  property(name=\"syslogseverity\")\n  constant(value=\"\\\"}\")'\nend\n```\n\n## Using action\nCreate actions for sending output data to graylog server using GELF protocol\n\n```\nrsyslog_action 'gelf_output' do\n  type 'omfwd'\n  rule 'target=\"graylog.example.org\" port=\"12201\" protocol=\"udp\" template=\"gelf\"'\nend\n```\n\nSends data go kafka first, instead logging server\n\n```\nrsyslog_action 'kafka_output' do\n  type 'omkafka'\n  rule 'broker=['kafka01.exampler.org:9092', 'kafka02.exampler.org:9092'] topic=\"logger\" confParam=[\"compression.codec=snappy\"]'\nend\n\n```\n\n## Using propery_based_filter\nCreate propery matching all logs stated with [YII] in syslog and organizing it in separate cron_exceptions logfile\n\n```\nrsyslog_property_based_filter 'cron_exceptions' do\n  property ':msg'\n  operator 'regex'\n  match_string '\\[YII\\].*'\n  log_file '-/var/log/cron_exceptions'\nend\n```\n\nSee fixture cookbooks in `tests/fixtures/cookbooks`.\n\n\n# License and Maintainer\n\nMaintainer:: LLC Express 42 (\u003ccookbooks@express42.com\u003e)\n\nLicense:: MIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexpress42%2Frsyslog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexpress42%2Frsyslog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexpress42%2Frsyslog/lists"}