{"id":12141,"date":"2021-12-01T14:29:02","date_gmt":"2021-12-01T09:29:02","guid":{"rendered":"https:\/\/alexeyka.zantsev.com\/?p=12141"},"modified":"2021-12-01T14:37:58","modified_gmt":"2021-12-01T09:37:58","slug":"rsyslog-slicing-dicing-application-log-files","status":"publish","type":"post","link":"https:\/\/alexeyka.zantsev.com\/?p=12141","title":{"rendered":"rsyslog: slicing & dicing application log files"},"content":{"rendered":"\n

Let’s slice log file of an application to store separate log files during each hour and keep them in separate directories accroding to the date.<\/p>\n\n\n\n

\n\n\n\n

Example for RTPEngine:<\/p>\n\n\n\n

  1. create file \/etc\/rsyslog.d\/10-rtpengine.conf<\/li><\/ol>\n\n\n\n

    2. add to it the following settings:<\/p>\n\n\n\n

    template(\n    name=\"rtpengine-tmpl\" type=\"string\"\n    string=\"\/var\/log\/rtpengine\/%$NOW%\/rtpengine-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log\"\n)\n\ntemplate(\n    name=\"rtpengine-fmt\" type=\"string\"\n    string=\"%timegenerated% %HOSTNAME% %syslogtag% %msg:::drop-last-lf%\\n\"\n)\n\nif $app-name == [\"rtpengine\"] then {\n    action(type=\"omfile\" dynaFile=\"rtpengine-tmpl\" template=\"rtpengine-fmt\")\n    stop\n}<\/span><\/pre>\n\n\n\n
    3. restart rsyslog.<\/p>\n\n\n\n
    4. profit<\/p>\n\n\n\n
    \"\"<\/a>
    screenshot of a config file<\/figcaption><\/figure>\n\n\n\n
    \"\"<\/a>
    the result<\/figcaption><\/figure>\n\n\n\n
    \n\n\n\n
    Example for OpenSIPS:<\/p>\n\n\n\n
    1. create \/etc\/rsyslog.d\/20-opensips.conf<\/li>
    2. add to it:<\/li><\/ol>\n\n\n\n
      # :msg, startswith, \"ACC:\" \/var\/log\/opensips\/acc.log\n# & stop\n#\n# :syslogtag, contains, \"opensips\" \/var\/log\/opensips\/opensips.log\n# & stop\n\ntemplate(\n\tname=\"opensips-tmpl\" type=\"string\"\n\tstring=\"\/var\/log\/opensips\/opensips\/%$NOW%\/opensips-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log\"\n)\n\ntemplate(\n        name=\"opensips-acc-tmpl\" type=\"string\"\n        string=\"\/var\/log\/opensips\/acc\/%$NOW%\/acc-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log\"\n)\n\ntemplate(\n\tname=\"opensips-fmt\" type=\"string\"\n\tstring=\"%timegenerated% %HOSTNAME% [%procid%] %syslogseverity-text% %msg%\\n\"\n)\n\nif $syslogtag contains \"opensips\" and $msg contains \"ACC:\" then {\n        action(type=\"omfile\" dynaFile=\"opensips-acc-tmpl\" template=\"opensips-fmt\")\n        stop\n}\n<\/span>\nif $syslogtag contains \"opensips\" then {\n\taction(type=\"omfile\" dynaFile=\"opensips-tmpl\" template=\"opensips-fmt\")\n\tstop\n}<\/span><\/pre>\n\n\n\n
      3. restart rsyslog.<\/p>\n","protected":false},"excerpt":{"rendered":"
      Let’s slice log file of an application to store separate log files during each hour and keep them in separate directories accroding to the date. Example for RTPEngine: create file \/etc\/rsyslog.d\/10-rtpengine.conf 2. add to it the following settings: template( name=”rtpengine-tmpl” type=”string” string=”\/var\/log\/rtpengine\/%$NOW%\/rtpengine-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log” ) template( name=”rtpengine-fmt” type=”string” string=”%timegenerated% %HOSTNAME% %syslogtag% %msg:::drop-last-lf%\\n” ) if $app-name == [“rtpengine”] […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[272,240],"class_list":["post-12141","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-logs","tag-rsyslog"],"_links":{"self":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/12141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12141"}],"version-history":[{"count":24,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/12141\/revisions"}],"predecessor-version":[{"id":12167,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/12141\/revisions\/12167"}],"wp:attachment":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}