Managing Complex rsyslog Configs

If you’re a systems administrator and only concerned with a local system’s logging, you’re familiar with /etc/rsyslog.conf, and that’s all you probably need to be familiar with. If your aim is to provide rsyslog as a service to a broad base of diverse users, you’re going to quickly outgrow /etc/rsyslog.conf. You’re going to have multiple inputs and outputs, a laundry list of rules and templates, and you’ll need to keep control of the configuration for the sake of your own sanity. In this post I’ll go over a few of the methods and tools that I use to keep a large rsyslog service easy to configure, easy to maintain, and running smoothly.



$IncludeConfig is Your Friend

If you have a large rsyslog environment with multiple inputs, multiple modules, lists of templates and a slew of rules and rulesets, you’ll want to keep it all organized and accessible. Here are a few pointers for using $IncludeConfig to keep your configuration as simple, easy to maintain and efficient as possible.
