Let’s slice an application's log file so that a separate log file is written for each hour, with the files kept in separate directories according to the date.
Example for RTPEngine:
1. create file /etc/rsyslog.d/10-rtpengine.conf
2. add to it the following settings:
template(
name="rtpengine-tmpl" type="string"
string="/var/log/rtpengine/%$NOW%/rtpengine-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log"
)
template(
name="rtpengine-fmt" type="string"
string="%timegenerated% %HOSTNAME% %syslogtag% %msg:::drop-last-lf%\n"
)
if $app-name == ["rtpengine"] then {
action(type="omfile" dynaFile="rtpengine-tmpl" template="rtpengine-fmt")
stop
}
3. restart rsyslog.
4. profit
Example for OpenSIPS:
1. create /etc/rsyslog.d/20-opensips.conf
2. add to it:
# :msg, startswith, "ACC:" /var/log/opensips/acc.log
# & stop
#
# :syslogtag, contains, "opensips" /var/log/opensips/opensips.log
# & stop
template(
name="opensips-tmpl" type="string"
string="/var/log/opensips/opensips/%$NOW%/opensips-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log"
)
template(
name="opensips-acc-tmpl" type="string"
string="/var/log/opensips/acc/%$NOW%/acc-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log"
)
template(
name="opensips-fmt" type="string"
string="%timegenerated% %HOSTNAME% [%procid%] %syslogseverity-text% %msg%\n"
)
if $syslogtag contains "opensips" and $msg contains "ACC:" then {
action(type="omfile" dynaFile="opensips-acc-tmpl" template="opensips-fmt")
stop
}
if $syslogtag contains "opensips" then {
action(type="omfile" dynaFile="opensips-tmpl" template="opensips-fmt")
stop
}
3. restart rsyslog.
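
A way to check both the RTPEngine and OpenSIPS rules after the restart, as an added example that is not part of the original page: it expands the dynaFile path the way the templates do and confirms a marked test message landed in the file for the current hour. The function names are hypothetical, GNU date and stat are assumed, and `hostname -s` is assumed to match what rsyslog puts in %HOSTNAME% for local messages.

```sh
#!/bin/sh
# Added example: post-restart check for the hourly slicing rules above.
# Function names are hypothetical; GNU date and stat are assumed.

# Expand a dynaFile template of the form
#   <dir>/%$NOW%/<prefix>-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log
# for a given Unix time. rsyslog fills these properties in local time.
sliced_log_path() {
    dir=$1; prefix=$2; host=$3; epoch=$4
    day=$(date -d "@$epoch" +%Y-%m-%d)       # %$NOW%
    stamp=$(date -d "@$epoch" +%Y%m%d.%H)    # %$YEAR%%$MONTH%%$DAY%.%$HOUR%
    printf '%s/%s/%s-%s-%s.log\n' "$dir" "$day" "$prefix" "$host" "$stamp"
}

# Validate the config, log one marked message under <tag>, and confirm it
# reached the file for the current hour. Run as root on the rsyslog host.
verify_slicing() {
    tag=$1; dir=$2; prefix=$3
    host=$(hostname -s)    # assumption: matches %HOSTNAME% for local messages
    marker="slicing-test-$$-$(date +%s)"
    rsyslogd -N1 || return 1                 # config syntax check only
    start=$(date +%s)
    logger -t "$tag" "$marker"
    sleep 2                                  # let rsyslog write the line
    for t in "$start" "$(date +%s)"; do      # second pass covers an hour rollover
        f=$(sliced_log_path "$dir" "$prefix" "$host" "$t")
        if [ -f "$f" ] && grep -q "$marker" "$f"; then
            # Show mode and owner so world-readable call logs get noticed.
            echo "ok: $f ($(stat -c '%a %U:%G' "$f"))"
            return 0
        fi
    done
    echo "marker $marker not found under $dir" >&2
    return 1
}

# Usage, after "restart rsyslog":
#   verify_slicing rtpengine /var/log/rtpengine rtpengine
#   verify_slicing opensips  /var/log/opensips/opensips opensips
```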