How to customize log format with rsyslog

This document (000019760) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP2

Situation

Resolution

1. create a new file /etc/rsyslog.d/log.conf

#  $template <template name>, <template pattern>

# (e.g.)

$template logpattern,"%syslogpriority-text% %syslogfacility-text% %timegenerated% %HOSTNAME% %syslogtag%,%msg%\n"

# "%xxx%" is the term called the property replacer.

The property replacers used by the above template have the following meanings:

#  %syslogpriority-text% : syslog priority
#  %syslogfacilityt-text% : syslog facility
#  %timegenerated% : timestamp when the message was received
#  %HOSTNAME% : hostname
#  %syslogtag% : tag
#  %msg% : the message sent to syslog

#  The complete documentation can be found in the doc folder of the rsyslog distribution or online at
     http://www.rsyslog.com/doc

2.Bind a custom template to logs

If binding it to all the logs as default:

#  $ActionFileDefaultTemplate <your template name>

#  (e.g.)

$ActionFileDefaultTemplate logpattern

#  If binding it only to a specific log pattern:

#  <filter pattern>                   <action>;<your temlapte name>

(e.g.)
*.*                                /var/log/messages;logpattern

3.Restart rsyslog service

systemctl restart rsyslog.service

Cause

There is a requirement to change the log output details.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.