If you’re a systems administrator and only concerned with a local system’s logging, you’re familiar with /etc/rsyslog.conf, and that’s all you probably need to be familiar with. If your aim is to provide rsyslog as a service to broad base of diverse users, you’re going to quickly outgrow /etc/rsyslog.conf. You’re going to have multiple inputs and outputs, a laundry list of rules and templates, and you’ll need keep control of the configuration for the sake of your own sanity. In this post I’ll go over a few of the methods and tools that I use to keep a large rsyslog service easy to configure, easy to maintain, and running smoothly.
If you have a large rsyslog environment with multiple inputs, multiple modules, lists of templates and a slew of rules and rulesets, you’ll want to keep it all organized and accessible. Here’s a few pointers for using $IncludeConfig to keep your configuration as simple, easy to maintain and efficient as possible.