rsyslog
rsyslog copied to clipboard
sous-chefs
Add a filter into rsyslog.conf
Cookbook version
6.0.1
Chef-client version
12.19.36
Platform Details
Scenario:
We are using some custom rsyslog filters like this:
:msg, contains, "watcherout" /var/log/watcherout
We are doing that manually currently.
Is there any way to configure it and add the filter into rsyslog.conf using this cookbook?
I think it's not available even now.
It's a very tricky thing to figure out, given the permutations of rulesets, and maybe no one's tackled it yet. I'm working on something similar, internally, but I expect it'll be so ugly that I won't want to release it -- even if it DOES work!
Consider writing your own, first as a template and then better as a LWRP or so, and see whether you can get something that's usable, versatile and, ideally, pretty.
While we wait for a better solution, here are a couple of workarounds:
To override the rsyslog.conf.erb template from a different cookbook: https://syshero.org/2013-11-22-override-templates-from-third-party-cookbooks-on/
This breaks the DRY principle, since your wrapper cookbook's rsyslog.conf.erb might drift over time.
Here's a horribly hacky way to do it without modifying the template or cookbook (in an attribute rb file):
# The sous-chef rsyslog cookbook doesn't allow the rsyslog.conf.erb file
# from another cookbook to be pointed to by an attribute. :(
# So we're going to do a horrible hack to get the filters loaded
# before the modules
if node['rsyslog'].key?('filter_msg_contains')
override['rsyslog']['preserve_fqdn'] << "\n\n# Filters from attributes. This needs to happen
# before any output modules are loaded so will affect local logging too\n"
node['rsyslog']['filter_msg_contains'].each do |f|
override['rsyslog']['preserve_fqdn'] << ":msg, contains, \"#{f}\" ~\n"
end
end
Another option is to pay attention to an attribute that defines a pre-module include directive