[rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm this is actually correct.
Dump all nrpe messages into a file, and once done discard.
* Legacy format
:programname, isequal, "nrpe" /app/rsyslog/messages.nrpe.all
:programname, isequal, "nrpe" &
* New format
if ( $programname == "nrpe" ) then {
action(type="omfile" file="/app/rsyslog/messages.nrpe.all" flushOnTXEnd="off")
stop
}

This works, but I'll point out that the following also works

if ( $programname == "nrpe" ) then {
/app/rsyslog/messages.nrpe.all
stop
}

you don't have to switch everything to use action(), the general recommendation
is taht if it's a single line in the legacy format, and it's at least as clear
as the new format, go ahead and use the legacy format.

It's when you have things that are multiple lines of config in the old format
(setting lots of $foo lines and then having the line that they affect) that the
old format becomes confusing and you should switch to the new format. There are
also new features available in the action() syntax, but if the old format does
what you want, you aren't using the new feature :-)

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-09 08:30:48 UTC

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm this

is actually correct.

Post by sophie.loewenthal--- via rsyslog
Dump all nrpe messages into a file, and once done discard.
* Legacy format
:programname, isequal, "nrpe" /app/rsyslog/messages.nrpe.all
:programname, isequal, "nrpe" &
* New format
if ( $programname == "nrpe" ) then {
action(type="omfile" file="/app/rsyslog/messages.nrpe.all"

flushOnTXEnd="off")

Hi David,
I presumed incorrectly that the legacy format was deprecated and would be obsolete later. If this is not the case, I'm happy to mix these syntaces together.
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Rainer Gerhards

2018-11-09 08:45:02 UTC

https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html

HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm this

is actually correct.

flushOnTXEnd="off")

Hi David,
I presumed incorrectly that the legacy format was deprecated and would be obsolete later. If this is not the case, I'm happy to mix these syntaces together.
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.
----------------------------------------------------------------------------------------------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-09 09:07:30 UTC

Thanks Rainer for the details.

Thus these statements should be replaced with something from the 'basic' or 'advanced' format

$umask 0000
$CreateDirs on
$fileOwner rsyslog
$fileGroup uxadmin
$dirGroup uxadmin
$FileCreateMode 0660
$DynaFileCacheSize 600
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog

Best wishes,
Sophie

-----Original Message-----
Sent: Friday, November 09, 2018 9:45 AM
To: rsyslog-users
Cc: David Lang; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format
https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm

this

is actually correct.

flushOnTXEnd="off")

There

are
also new features available in the action() syntax, but if the old format does
what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and would be

obsolete later. If this is not the case, I'm happy to mix these syntaces together.

Post by sophie.loewenthal--- via rsyslog
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be reliable, BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified, changed or

falsified.

Post by sophie.loewenthal--- via rsyslog
Do not print this message unless it is necessary, consider the environment.
-----------------------------------------------------------------------------------------------

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans

l'hypothese

Post by sophie.loewenthal--- via rsyslog
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.

Rainer Gerhards

2018-11-09 09:17:23 UTC

El vie., 9 nov. 2018 a las 10:07,

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic' or 'advanced' format
$umask 0000
$CreateDirs on
$fileOwner rsyslog
$fileGroup uxadmin
$dirGroup uxadmin
$FileCreateMode 0660
$DynaFileCacheSize 600
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog

I think so. Sadly for some there may still be no new-style equivalent.
We have focused on those that are critical, e.g. easy to mistake (like
DynaFileCache, which means folks think to be a global statement). Some
of the real global ones may not be converted yet as we never stumbled
over them. If you find some, it would be great to open a github issue.

Rainer

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm

this

is actually correct.

flushOnTXEnd="off")

There

are
also new features available in the action() syntax, but if the old format does
what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and would be

obsolete later. If this is not the case, I'm happy to mix these syntaces together.

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be reliable, BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified, changed or

falsified.

-----------------------------------

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans

l'hypothese

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-09 09:31:06 UTC

Is there a page that maps legacy statements to the new version?

Why do I ask?
* My search on rsyslog.com for PrivDropToUser give me this link:
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default
and clicking on the Dropping privileges in rsyslog link gave an Invalid file specified :(
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser

* The first page of google for Dynafilecachesize gives me this:
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

-----Original Message-----
Sent: Friday, November 09, 2018 10:17 AM
To: LOEWENTHAL Sophie
Cc: rsyslog-users; David Lang
Subject: Re: [rsyslog] Code verification : legacy to new format
El vie., 9 nov. 2018 a las 10:07,

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic' or

'advanced' format

Post by sophie.loewenthal--- via rsyslog
$umask 0000
$CreateDirs on
$fileOwner rsyslog
$fileGroup uxadmin
$dirGroup uxadmin
$FileCreateMode 0660
$DynaFileCacheSize 600
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would

confirm

this

is actually correct.

flushOnTXEnd="off")

format

(setting lots of $foo lines and then having the line that they affect) that

the

old format becomes confusing and you should switch to the new format.

There

are
also new features available in the action() syntax, but if the old format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and would

obsolete later. If this is not the case, I'm happy to mix these syntaces

together.

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified,

changed or

falsified.

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans

l'hypothese

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

Flo Rance via rsyslog

2018-11-09 09:37:52 UTC

Hi,

If you search on v8-stable instead of v7-stable, everything is there.

Flo

On Fri, Nov 9, 2018 at 10:31 AM sophie.loewenthal--- via rsyslog <

Post by sophie.loewenthal--- via rsyslog
Is there a page that maps legacy statements to the new version?
Why do I ask?
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default
and clicking on the Dropping privileges in rsyslog link gave an Invalid file specified :(
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the

'basic' or

'advanced' format

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Friday, November 09, 2018 9:45 AM
To: rsyslog-users
Cc: David Lang; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html

HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody

would

confirm

this

is actually correct.

flushOnTXEnd="off")

least as clear

as the new format, go ahead and use the legacy format.
It's when you have things that are multiple lines of config in

the old

format

(setting lots of $foo lines and then having the line that they

affect) that

the

old format becomes confusing and you should switch to the new

format.

There

are
also new features available in the action() syntax, but if the

old format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and

would

obsolete later. If this is not the case, I'm happy to mix these

syntaces

together.

recipient(s),

Post by sophie.loewenthal--- via rsyslog
please delete it and any copies from your systems and immediately

notify

Post by sophie.loewenthal--- via rsyslog
the sender. Any unauthorized view, use that does not comply with

its

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is

prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be

reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if

modified,

changed or

falsified.

Post by sophie.loewenthal--- via rsyslog
Do not print this message unless it is necessary, consider the

environment.
-------------------------------------------------------------------------------------------

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont

confidentiels.

Post by sophie.loewenthal--- via rsyslog
Si vous recevez ce message par erreur ou s'il ne vous est pas

destine,

Post by sophie.loewenthal--- via rsyslog
merci de le detruire ainsi que toute copie de votre systeme et

d'en avertir

Post by sophie.loewenthal--- via rsyslog
immediatement l'expediteur. Toute lecture non autorisee, toute

utilisation

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute

diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne

permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration,

BNP Paribas

Post by sophie.loewenthal--- via rsyslog
(et ses filiales) decline(nt) toute responsabilite au titre de ce

message dans

l'hypothese

myriad

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-09 09:48:18 UTC

Hi Flo,

https://www.rsyslog.com/doc/v8-stable/configuration/droppriv.html
https://www.rsyslog.com/doc/v8-stable/configuration/action/rsconf1_dynafilecachesize.html

The v8 contains the $ prefixed variables. Does this mean there are no new-style equivalent global variables for the legacy variable?

But I do see that these can be set individually in omfile module, but it's easy for me and makes more sense for me to set them globally in my case,
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html

Br,
Sophie
-----------------------------------------------------
From: Flo Rance [mailto:***@gmail.com]
Sent: Friday, November 09, 2018 10:38 AM
To: rsyslog-users
Cc: Rainer Gerhards; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Hi,

If you search on v8-stable instead of v7-stable, everything is there.

Flo

On Fri, Nov 9, 2018 at 10:31 AM sophie.loewenthal--- via rsyslog <***@lists.adiscon.com> wrote:
Is there a page that maps legacy statements to the new version?

Why do I ask?
* My search on rsyslog.com for PrivDropToUser give me this link:
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default
and clicking on the Dropping privileges in rsyslog link gave an Invalid file specified :(
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser

* The first page of google for Dynafilecachesize gives me this:
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic' or

'advanced' format

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Hi,
This seems to work for me, but I'd be grateful if somebody would

confirm

this

is actually correct.

Dump all nrpe messages into a file, and once done discard.
* Legacy format
:programname, isequal, "nrpe" /app/rsyslog/messages.nrpe.all
:programname, isequal, "nrpe" &
* New format
if ( $programname == "nrpe" ) then {
action(type="omfile" file="/app/rsyslog/messages.nrpe.all"

flushOnTXEnd="off")

stop
}

format

(setting lots of $foo lines and then having the line that they affect) that

the

old format becomes confusing and you should switch to the new format.

There

are
also new features available in the action() syntax, but if the old format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and would

obsolete later. If this is not the case, I'm happy to mix these syntaces

together.

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified,

changed or

falsified.

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans

l'hypothese

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if y

Flo Rance via rsyslog

2018-11-09 09:53:00 UTC

Hi Sophie,

This is how I understand it, however there might be something else and I
don't know it.

Regards,
Flo

Post by sophie.loewenthal--- via rsyslog
Hi Flo,
https://www.rsyslog.com/doc/v8-stable/configuration/droppriv.html
https://www.rsyslog.com/doc/v8-stable/configuration/action/rsconf1_dynafilecachesize.html
The v8 contains the $ prefixed variables. Does this mean there are no
new-style equivalent global variables for the legacy variable?
But I do see that these can be set individually in omfile module, but it's
easy for me and makes more sense for me to set them globally in my case,
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
Br,
Sophie
-----------------------------------------------------
Sent: Friday, November 09, 2018 10:38 AM
To: rsyslog-users
Cc: Rainer Gerhards; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format
Hi,
If you search on v8-stable instead of v7-stable, everything is there.
Flo
On Fri, Nov 9, 2018 at 10:31 AM sophie.loewenthal--- via rsyslog <
Is there a page that maps legacy statements to the new version?
Why do I ask?
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default
and clicking on the Dropping privileges in rsyslog link gave an Invalid file specified :(
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the

'basic' or

'advanced' format

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Friday, November 09, 2018 9:45 AM
To: rsyslog-users
Cc: David Lang; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html

HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody

would

confirm

this

is actually correct.

flushOnTXEnd="off")

least as clear

as the new format, go ahead and use the legacy format.
It's when you have things that are multiple lines of config in

the old

format

(setting lots of $foo lines and then having the line that they

affect) that

the

old format becomes confusing and you should switch to the new

format.

There

are
also new features available in the action() syntax, but if the

old format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and

would

obsolete later. If this is not the case, I'm happy to mix these

syntaces

together.

recipient(s),

Post by sophie.loewenthal--- via rsyslog
please delete it and any copies from your systems and immediately

notify

Post by sophie.loewenthal--- via rsyslog
the sender. Any unauthorized view, use that does not comply with

its

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is

prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be

reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if

modified,

changed or

falsified.

Post by sophie.loewenthal--- via rsyslog
Do not print this message unless it is necessary, consider the

environment.
-------------------------------------------------------------------------------------------

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont

confidentiels.

Post by sophie.loewenthal--- via rsyslog
Si vous recevez ce message par erreur ou s'il ne vous est pas

destine,

Post by sophie.loewenthal--- via rsyslog
merci de le detruire ainsi que toute copie de votre systeme et

d'en avertir

Post by sophie.loewenthal--- via rsyslog
immediatement l'expediteur. Toute lecture non autorisee, toute

utilisation

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute

diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne

permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration,

BNP Paribas

Post by sophie.loewenthal--- via rsyslog
(et ses filiales) decline(nt) toute responsabilite au titre de ce

message dans

l'hypothese

myriad

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

Rainer Gerhards

2018-11-09 10:26:56 UTC

El vie., 9 nov. 2018 a las 10:49,

No - we need someone who updates the older parts of the doc. I do it
whenever I have time, but that's pretty seldom.

Post by sophie.loewenthal--- via rsyslog
But I do see that these can be set individually in omfile module, but it's easy for me and makes more sense for me to set them globally in my case,
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html

Search for "dynafile" on that page. It shows you the old-style
*equivalent*. And it indeed is an equivalent, the old style also
affects the next action. And by this I notice that there seems to be a
long-standing bug in obsolete legacy doc where it mentions "global".
It's not, it's "action" scope. Ok, one of the times to do a doc PR
myself - or is someone up to it?

Rainer

Post by sophie.loewenthal--- via rsyslog
Br,
Sophie
-----------------------------------------------------
Sent: Friday, November 09, 2018 10:38 AM
To: rsyslog-users
Cc: Rainer Gerhards; LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format
Hi,
If you search on v8-stable instead of v7-stable, everything is there.
Flo
Is there a page that maps legacy statements to the new version?
Why do I ask?
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default
and clicking on the Dropping privileges in rsyslog link gave an Invalid file specified :(
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic' or

'advanced' format

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would

confirm

this

is actually correct.

flushOnTXEnd="off")

format

(setting lots of $foo lines and then having the line that they affect) that

the

old format becomes confusing and you should switch to the new format.

There

are
also new features available in the action() syntax, but if the old format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and would

obsolete later. If this is not the case, I'm happy to mix these syntaces

together.

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is prohibited. Since the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified,

changed or

falsified.

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne permettant pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans

l'hypothese

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-09 10:38:05 UTC

Thanks Rainer. This is clear.

-----Original Message-----
Sent: Friday, November 09, 2018 11:27 AM
To: LOEWENTHAL Sophie
Cc: Flo Rance; rsyslog-users
Subject: Re: [rsyslog] Code verification : legacy to new format
El vie., 9 nov. 2018 a las 10:49,

Post by sophie.loewenthal--- via rsyslog
Hi Flo,
https://www.rsyslog.com/doc/v8-stable/configuration/droppriv.html
https://www.rsyslog.com/doc/v8-

stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
The v8 contains the $ prefixed variables. Does this mean there are no new-

style equivalent global variables for the legacy variable?
No - we need someone who updates the older parts of the doc. I do it
whenever I have time, but that's pretty seldom.

Post by sophie.loewenthal--- via rsyslog
But I do see that these can be set individually in omfile module, but it's easy for

me and makes more sense for me to set them globally in my case,

Post by sophie.loewenthal--- via rsyslog
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html

stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default

Post by sophie.loewenthal--- via rsyslog
and clicking on the Dropping privileges in rsyslog link gave an Invalid file

specified :(

Post by sophie.loewenthal--- via rsyslog
https://www.rsyslog.com/doc/v7-

stable/configuration/droppriv.rst.html?highlight=privdroptouser

Post by sophie.loewenthal--- via rsyslog
https://www.rsyslog.com/doc/v7-

stable/configuration/action/rsconf1_dynafilecachesize.html

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic'

'advanced' format

Post by sophie.loewenthal--- via rsyslog
Best wishes,
Sophie

stable/configuration/conf_formats.html

HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would

confirm

this

is actually correct.

flushOnTXEnd="off")

format

(setting lots of $foo lines and then having the line that they affect)

that

the

old format becomes confusing and you should switch to the new

format.

There

are
also new features available in the action() syntax, but if the old

format

does

what you want, you aren't using the new feature :-)
David Lang

Hi David,
I presumed incorrectly that the legacy format was deprecated and

would

obsolete later. If this is not the case, I'm happy to mix these syntaces

together.

notify

Post by sophie.loewenthal--- via rsyslog
the sender. Any unauthorized view, use that does not comply with its

purpose,

Post by sophie.loewenthal--- via rsyslog
dissemination or disclosure, either whole or partial, is prohibited. Since

the

internet

Post by sophie.loewenthal--- via rsyslog
cannot guarantee the integrity of this message which may not be

reliable,

BNP

PARIBAS

Post by sophie.loewenthal--- via rsyslog
(and its subsidiaries) shall not be liable for the message if modified,

changed or

falsified.

Post by sophie.loewenthal--- via rsyslog
Do not print this message unless it is necessary, consider the

environment.

Post by sophie.loewenthal--- via rsyslog
---------------------------------------------------------------------------------------

----

----

-----------------------------------

Post by sophie.loewenthal--- via rsyslog
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont

confidentiels.

Post by sophie.loewenthal--- via rsyslog
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en

avertir

Post by sophie.loewenthal--- via rsyslog
immediatement l'expediteur. Toute lecture non autorisee, toute

utilisation

Post by sophie.loewenthal--- via rsyslog
ce message qui n'est pas conforme a sa destination, toute diffusion ou

toute

Post by sophie.loewenthal--- via rsyslog
publication, totale ou partielle, est interdite. L'Internet ne permettant

pas

d'assurer

Post by sophie.loewenthal--- via rsyslog
l'integrite de ce message electronique susceptible d'alteration, BNP

Paribas

Post by sophie.loewenthal--- via rsyslog
(et ses filiales) decline(nt) toute responsabilite au titre de ce message

dans

l'hypothese

myriad

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you

DON'T

LIKE THAT.

sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.

Rainer Gerhards

2018-11-09 09:46:39 UTC

El vie., 9 nov. 2018 a las 10:31,

Post by sophie.loewenthal--- via rsyslog
Is there a page that maps legacy statements to the new version?
Why do I ask?

Which is the exact link of that search page? It probably needs to be
fixed/turned off.

Thx,
Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NO

sophie.loewenthal--- via rsyslog

2018-11-09 10:03:22 UTC

From this QuickSearch box and search on " privdroptouser " on this page:
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

Goves this link to
https://www.rsyslog.com/doc/v7-stable/search.html?q=PrivDropToUser+&check_keywords=yes&area=default

To this link:
https://www.rsyslog.com/doc/v7-stable/configuration/droppriv.rst.html?highlight=privdroptouser

-----Original Message-----
Sent: Friday, November 09, 2018 10:47 AM
To: LOEWENTHAL Sophie
Cc: rsyslog-users; David Lang
Subject: Re: [rsyslog] Code verification : legacy to new format
El vie., 9 nov. 2018 a las 10:31,

Post by sophie.loewenthal--- via rsyslog
Is there a page that maps legacy statements to the new version?
Why do I ask?

Which is the exact link of that search page? It probably needs to be
fixed/turned off.
Thx,
Rainer

This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DO

Rainer Gerhards

2018-11-09 10:22:07 UTC

El vie., 9 nov. 2018 a las 11:06,

Post by sophie.loewenthal--- via rsyslog
https://www.rsyslog.com/doc/v7-stable/configuration/action/rsconf1_dynafilecachesize.html

What linked to this page? Or did you select v7 intensionally? v7 doc
is up as a service for users of this outdated version.

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if

David Lang

2018-11-09 18:56:29 UTC

Yes, the reason is that some of these things affect all outputs after that point
in the file, others only affect the next output, and none of them affect any
action() statement

so using these is likely to cause confusion.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

sophie.loewenthal--- via rsyslog

2018-11-12 08:43:38 UTC

-----Original Message-----
Sent: Friday, November 09, 2018 7:56 PM
To: LOEWENTHAL Sophie
Cc: Rainer Gerhards; rsyslog-users
Subject: RE: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Thanks Rainer for the details.
Thus these statements should be replaced with something from the 'basic' or

'advanced' format

Hi,

so using these is likely to cause confusion.

Indeed it did in my earlier configs :)

This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.

----------------------------------------------------------------------------------------------------------------------------------

Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

David Lang

2018-11-09 18:54:55 UTC

It it takes multiple lines to set something up (several $something lines
followed by the action), you are probably using the obsolete format and should
re-do it.

If what you are doing can be done in a single line, it's probably just fine to
keep using it.

Rsyslog started off using the same things that were in sysklog (what's worked in
syslog.conf forever), but as it gained new capabilities, that syntax needed to
be extended, and it got more and more complicated to understand.

With version 6 a new syntax was introduced that makes it much easier to
understand what is happening with more complex configs. Initially it was stated
that everything in the older syntax was legacy and going to go away 'someday',
but over time we have refined this position to discourage use of the parts that
caused the most problems while still supporting the simple things. This change
from two categories of syntax to three happened within the last year or so (I
think around 8.30 or so) so the older documentation will refer to all of the old
syntax as legacy and suggest moving everything to the new format.

It's unlikely that we will ever remove support for what we are declaring
obsolete (we _really_ believe in backwards compatibility), but we discourage
it's use.

David Lang

Date: Fri, 9 Nov 2018 09:45:02 +0100
Subject: Re: [rsyslog] Code verification : legacy to new format
https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
HTH
Rainer
El vie., 9 nov. 2018 a las 9:30, sophie.loewenthal--- via rsyslog

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm this

is actually correct.

flushOnTXEnd="off")

Hi David,
I presumed incorrectly that the legacy format was deprecated and would be obsolete later. If this is not the case, I'm happy to mix these syntaces together.
This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.
----------------------------------------------------------------------------------------------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message")
sont etablis a l'intention exclusive de ses destinataires et sont confidentiels.
Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer
l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
(et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese
ou il aurait ete modifie, deforme ou falsifie.
N'imprimez ce message que si necessaire, pensez a l'environnement.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

John Chivian

2018-11-12 22:52:15 UTC

Using the configuration line...

*.debug /path/to/debug.msgs

...and the configuration block...

*.debug {
action(
    type="omfile"
    file="/path/to/debug.msgs"
)
}

...are functionally identical. However, neither has a "name" specified
so you get a pstats statistics name of "action28" or something equally
as informative like "action31" or "action12".

   Adding the action name to the new style configuration...

*.debug {
action(
name="debugActionName"
type="omfile"
    file="/path/to/debug.msgs"
)
}

... gives a pstats statistics name of "debugActionName" as distinguished
from a separately defined "infoActionName", and this is much more useful
and several orders of magnitude easier than somehow having to know that
"action28" is the former and "action29" is the latter when doing stream
monitoring using pstats.

   The pstats subsystem is your friend! Think of it as the EEG and EKG
monitors of your running instance, and give all of your actions unique
names to differentiate them in this manner.

Regards,

Post by David Lang
It it takes multiple lines to set something up (several $something
lines followed by the action), you are probably using the obsolete
format and should re-do it.
If what you are doing can be done in a single line, it's probably just
fine to keep using it.
Rsyslog started off using the same things that were in sysklog (what's
worked in syslog.conf forever), but as it gained new capabilities,
that syntax needed to be extended, and it got more and more
complicated to understand.
With version 6 a new syntax was introduced that makes it much easier
to understand what is happening with more complex configs. Initially
it was stated that everything in the older syntax was legacy and going
to go away 'someday', but over time we have refined this position to
discourage use of the parts that caused the most problems while still
supporting the simple things. This change from two categories of
syntax to three happened within the last year or so (I think around
8.30 or so) so the older documentation will refer to all of the old
syntax as legacy and suggest moving everything to the new format.
It's unlikely that we will ever remove support for what we are
declaring obsolete (we _really_ believe in backwards compatibility),
but we discourage it's use.
David Lang

sophie.loewenthal--- via rsyslog

2018-11-09 08:53:44 UTC

-----Original Message-----
Sent: Thursday, November 08, 2018 10:30 PM
To: sophie.loewenthal--- via rsyslog
Cc: LOEWENTHAL Sophie
Subject: Re: [rsyslog] Code verification : legacy to new format

Post by sophie.loewenthal--- via rsyslog
Hi,
This seems to work for me, but I'd be grateful if somebody would confirm this

is actually correct.

flushOnTXEnd="off")