Programming-language like
From rsyslog wiki
This is inspired by the idea that the config file should look much like a programming language. These examples here are heavily thought out and can be used to abstract the object model. So they are a likely candidate for inclusion.
A sample:
*.* /var/log/mail.log # this is what should be done in good old syslogd config
define rule1 as rule {
filter emergency,
action writeMail,
action {
type filewrite,
file "/var/log/messages.log",
mode execOnPrevFailure
}
}
rule {
filter { condition %severity < "debug" and lower(substr(%msg, 5, 3)) <> "err" }
action {
type filewrite,
file "/var/log/messages.log"
}
}
Note in the definition of rule1 that an action can be either predefined or be defined inline where it is being used.
BASIC-like:
if true then
if predefinedFilter then
if %severity < "debug" and lower(substr(%msg, 5, 3)) <> "err" then
action params
type filewrite,
file "/var/log/messages.log"
endparams
action logMail
define rule1 as if ...
endif
define ruleset1 as
ruleset params
input udpin,
if ...
rule1 <-- here is the problem!
endparams
Note the "here is the problem" marker. The problem is that there is no clean way to specify a rule both inline or refer to a rule definition via the same syntax (something that is desired to be flexible).
c-like with functions:
if1:
{
if(%severity < "debug" && lower(substr(%msg, 5, 3)) != "err")
}
action1()
{
action(type=filewrite, file="/var/log/mail.log")
}
rule1()
{
if1()
action1()
action(type=filewrite, file="/var/log/messages.log")
}
rule(if1,action1)
ruleset(rule1, rule(if1, action(type=filewrite, file="/var/log/messages.log")))
rule(action1(),input="$all")
input(type=udp, bind="127.0.0.1")
In this last example, objects are defined by specifying the object type (e.g. action()). Complete objects may be named (like "if1") or may be specified inline. The syntax looks flexible, but is brief. It is questionable if it is intuitive. However, it is probably the best candidate when in comes to flexibility and power.
