    165203d4
    Logserver: Use RainerScript for log rules. · 165203d4
    Thomas Bellman authored
    Use RainerScript ``if'' statements and ``action()'' directives for
    saving of client logs instead of the traditional facility.severity
    selectors.  There are a couple of reasons for this:
    
     - We can use program name, not just syslog facility, to select
       which messages should go to the audit logs.  Non-audit local6
       messages will not be misplaced.
     - We can use the more readable ``stop'' directive instead of the
       tilde ("~").
     - We want to be able to provide more parameters to at least some
       actions than the traditional selector rules can do, unless you
       use deprecated $ directives.  (This will be done in a later
       commit.)
    
    The rules for local logs (the ones coming from the log server itself
    and stored in /var/log) are left as traditional selectors, because
    A) they are simple rules, and easier to read that way, and B) that's
    the way they are written in the standard RHEL-7 /etc/rsyslog.conf
    file where we copied them from.
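
The difference the commit message describes, as an added example that is not taken from this commit or repository: the same audit-log rule in traditional selector form and in RainerScript. The program name `audispd`, the paths under `/srv/log`, and the `fileCreateMode` value are assumptions chosen for illustration; the page does not show the actual rules.

```conf
# --- Traditional selector form -------------------------------------------
# The facility is the only handle available, so every local6 message
# lands in the audit log, including non-audit ones.
# (paths are hypothetical)
local6.*        /srv/log/audit.log
# Discard what the previous selector matched (the tilde action).
& ~
*.*             /srv/log/messages

# --- RainerScript form ---------------------------------------------------
# Match on facility AND program name, so only real audit records are
# routed to the audit log; other local6 traffic falls through to the
# general rule below instead of being misfiled.
# ("audispd" is an assumed program name)
if $syslogfacility-text == "local6" and $programname == "audispd" then {
    # action() accepts per-action parameters that a selector line can
    # only get from deprecated global $ directives, for example a
    # restrictive creation mode for the audit file (assumed value).
    action(type="omfile"
           file="/srv/log/audit.log"
           fileCreateMode="0600")
    # Readable replacement for the tilde: stop processing this message.
    stop
}

# Everything not stopped above, non-audit local6 included.
action(type="omfile" file="/srv/log/messages")
```

Running `rsyslogd -N1` against the edited configuration checks the syntax before the daemon is restarted.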