Logserver: Use RainerScript for log rules.

Use RainerScript ``if'' statements and ``action()'' directives for saving of client logs instead of the traditional facility.severity selectors. There are a couple of reasons for this: - We can use program name, not just syslog facility, to select which messages should go to the audit logs. Non-audit local6 messages will not be misplaced. - We can use the more readable ``stop'' directive instead of the tilde ("~"). - We want to be able to provide more parameters to at least some actions than the traditional selector rules can do, unless you use deprecated $ directives. (This will be done in a later commit.) The rules for local logs (the ones coming from the log server itself and stored in /var/log) are left as traditional selectors, because A) they are simple rules, and easier to read that way, and B) that's the way they are written in the standard RHEL-7 /etc/rsyslog.conf file where we copied them from.

Logserver: Use RainerScript for log rules.
165203d4 · Thomas Bellman · a8daf71a · 165203d4
Commit 165203d4 authored 4 years ago by Thomas Bellman
--- a/templates/rsyslog-el7.conf-logserver.erb
+++ b/templates/rsyslog-el7.conf-logserver.erb
@@ -206,16 +206,26 @@ module(load="builtin:omfile"
 # All logs, remote as well as local
-# auditing of login nodes
+# Audit logs of cluster login nodes
-local6.*			-?AuditLogfile;NSCLogFormatSourcePri
+if $syslogfacility-text == "local6" and $programname == "audispd" then
-local6.*			~
+{
+    action(type="omfile"  dynaFile="AuditLogfile"
+	   template="NSCLogFormatSourcePri")
+    # These are extremely voluminous, so don't let them be processed
+    # (and thus stored) by later rules.
+    stop
+}
-*.*				?LogFile;NSCLogFormat
+# Everything else stored in the normal /syslogs/... paths
+action(type="omfile"  dynaFile="LogFile")
-# We log everything to one file as well, for easy 'tail -f':ing
+# We log authpriv information to one file as well, for easy 'tail -f':ing
-# This file is logrotated every day, with only one generation
+# This file is logrotated every day, with only one generation saved.
-# saved.
+if $syslogfacility-text == "authpriv" then
-authpriv.*			-/syslogs/logstream;NSCLogFormatSourcePri
+{
+    action(type="omfile"  file="/syslogs/logstream"
+	   template="NSCLogFormatSourcePri")
+}