Use RainerScript templates for dynamic file names.

Use the new template(type="list") syntax instead of the old $template syntax for templates for generating dynamic log file names. This is easier to read and write, if quite a bit more verbose.

Use RainerScript templates for dynamic file names.
be988b1e · Thomas Bellman · daacf00b · be988b1e
Commit be988b1e authored 4 years ago by Thomas Bellman
--- a/templates/rsyslog-el7.conf-logserver.erb
+++ b/templates/rsyslog-el7.conf-logserver.erb
@@ -9,14 +9,17 @@ $WorkDirectory /var/lib/rsyslog
 ########################################################################
 # Templates for generating log file names
+#-----------------------------------------------------------------------
-# The regexp-replacement of %FROMHOST% is there to remove ".nsc.liu.se"
+# Where logs are stored
+# /syslogs/<year>/<month>/<day>/<sourcehost>/<hostname>
+#
+# The regexp-replacement of FROMHOST is there to remove ".nsc.liu.se"
 # from the end of names.  Otherwise, we get only the shortname "foo" if
 # the full name is "foo.nsc.liu.se", but the entire FQDN if the full
 # name is "foo.subdomain.nsc.liu.se".  Now we shorten the latter to
 # "foo.subdomain", but names outside nsc.liu.se get their full FQDN.
+#
-# The regexp-replacement of %HOSTNAME% makes sure that an empty hostname
+# The regexp-replacement of HOSTNAME makes sure that an empty hostname
 # field in the messages is replaced by "0".  If we don't, we will get
 # invalid filenames (".../fromhost/" instead of ".../fromhost/something").
 # It turned out that our HP Laserjet sends such messages, so this is not
@@ -24,9 +27,46 @@ $WorkDirectory /var/lib/rsyslog
 # We do so in the log messages written to file as well, so log parsers
 # will be less confused.
-$template LogFile,"/syslogs/%$YEAR%/%$MONTH%/%$DAY%/%FROMHOST:R,ERE,1,FIELD,0:(.*)\.nsc\.liu\.se$--end:secpath-replace%/%HOSTNAME:R,ERE,0,ZERO,0:..*--end:secpath-replace%"
+template(name="LogFile" type="list") {
+	constant(value="/syslogs/")
+	property(name="timegenerated" dateformat="year")
+	constant(value="/")
+	property(name="timegenerated" dateformat="month")
+	constant(value="/")
+	property(name="timegenerated" dateformat="day")
+	constant(value="/")
+	property(name="fromhost"
+		 regex.type="ERE"
+		 regex.expression="(.*)\\.nsc\\.liu\\.se$"
+		 regex.submatch="1"
+		 regex.nomatchmode="FIELD"
+		 securepath="replace"
+		 controlcharacters="escape"
+	)
+	constant(value="/")
+	property(name="hostname"
+		 regex.expression="..*"		# Match non-empty field
+		 regex.submatch="0"		# Replace with entire match
+		 regex.nomatchmode="ZERO"	# ... or with "0" if no match
+		 securepath="replace"
+		 controlcharacters="escape"
+	)
+}
-$template AuditLogfile,"/syslogs/audit/audit-%$YEAR%%$MONTH%%$DAY%-%$HOUR%.log"
+#-----------------------------------------------------------------------
+# Where audit logs from cluster login nodes are stored
+# /syslogs/audit/audit-<date>-<hour>.log
+template(name="AuditLogfile" type="list") {
+	constant(value="/syslogs/audit/audit-")
+	property(name="timegenerated" dateformat="year")
+	property(name="timegenerated" dateformat="month")
+	property(name="timegenerated" dateformat="day")
+	constant(value="-")
+	property(name="timegenerated" dateformat="hour")
+	constant(value=".log")
+}