# Design sketch of a proposed RainerScript configuration syntax. The file holds
# three independent sample configurations, separated by the banner lines below.
# NOTE(review): the line layout was reconstructed from a whitespace-collapsed
# copy; statement order and tokens are unchanged, but comment/line boundaries
# should be checked against the original file.
#
# this is an example based on early RainerScript ideas
# ( http://www.rsyslog.com/doc-rscript_abnf.html ), however,
# it does not conform to the early ABNF (which is no problem,
# because we can change it). Note that this sample most probably
# would not transform 100% to a grammar, so we would need to modify at
# least some details (like the need to put names in quotes, something
# I am concerned about but do not like to elaborate right now -- the
# bottom line is: expect minor changes).

set global(emitstartupmessages="off");
load imtcp(maxlisten=512);
# NOTE(review): binary= names a module file outside the default module location;
# presumably that file is loaded into the syslog daemon itself, so the path and
# its parent directories should be writable only by the administrator -- confirm.
load imudp(binary="/unusual/path/to/binary/imudpexp.so");
load imuxsock;
load ommail;

# we can set module parameters after they are loaded -- necessary for built-in modules
# ... but also error-prone. Probably better to require explicit load of builtins...
set omfile(defaultTemplate="RSYSLOG_TraditionalFileFormat");

# NOTE(review): both network listeners bind to ruleset "remote10515", but no
# ruleset of that name is defined in this sample; the two rulesets below are
# both named remote10514. Confirm which name/port is intended, since traffic
# bound to a missing ruleset may end up unfiltered or dropped.
run imtcp(listen=10515, ruleset="remote10515");
run imudp(listen=10515, ruleset="remote10515");
run imuxsock;

ruleset remote10514 {
    # we don't have any filters at all
    call omfile (file="/var/log/catchall");
    # dynfile is the stand-alone action defined further down in this config
    include action dynfile;
}

ruleset testFromEMail {
    if expr then {
        call omfile(file="/var/log/file1", sync="no");
        # the next action has samples of action-module specific
        # parameters, queue parameters and generic action
        # parameters.
        call omfile(file="/var/log/file2", sync="yes",
                    queue.mode="array", queue.size=5000,
                    action.concurrency="norestriction");
    } else {
        if expr2 then
            call omfile(file="/var/log/file3");
        else
            call omfile(file="/var/log/file4");
    }
    # now we define some actions that need to be executed one after another
    serial{
        call omfile(file="/path/to/file1");
        call omfile(file="/path/to/file2");
    }serial
}

# a ruleset may also consist of a single action without braces
ruleset singleaction call omfile(file="/blah");

load smcustom;
template strgenSampel(strgen=smcustom);
# NOTE(review): the output file name is built from %fromhost%, a value that
# originates on the sending side (presumably name resolution of the peer).
# A file-name template fed by remote data should be constrained so it cannot
# contain path separators; rsyslog's property replacer has secpath-drop /
# secpath-replace for that purpose -- confirm how this grammar would express it.
template dynGen(format="/var/log/%fromhost%.log");

# this is a "stand-alone" action, to be used in more than one rule
action dynfile(call="omfile", format="%msg%\n", filetemplate="dynGen");

# NOTE(review): second definition of a ruleset named remote10514 (the first one
# is above); the sample does not say whether this replaces or extends it.
ruleset remote10514 {
    if pri("mail.*") then {
        call omfile(file="/var/log/remote10514");
        include action dynfile;
    }
    # NOTE(review): the parenthesis opened by pri( is never closed on this line.
    # NOTE(review): udpfwd presumably forwards over plain UDP, i.e. without
    # delivery acknowledgement, peer authentication or encryption -- confirm
    # that this is acceptable for the records selected here.
    if pri("mail.*" and execonlyonce("5sec") then {
        call udpfwd(target="192.168.1.2:514");
    }
    # fallback target, used when the previous action failed
    if previousfailed() then {
        call udpfwd(target="192.168.1.3:514");
    }
    # NOTE(review): the double quote opening this expression is never closed.
    # NOTE(review): subject= contains unescaped double quotes around "detected",
    # which end the string early; the grammar needs an escape rule here.
    if "$severity == 'error' and $msg contains 'Link 2' then {
        call ommail(server="192.168.1.3", from="someone@example.net", to="ops@example.net", subject="###error "detected"###");
    }
}

################## end of this config, new config follows ###############
# the following is based on the default fedora v3 rsyslog.conf
# BEGIN
#
# NOTE(review): unlike every other statement in this file, the two load
# statements below carry no terminating semicolon.
load imuxsock # provides support for local system logging (e.g. via logger command)
load imklog # provides kernel logging support (previously done by rklogd)

run imuxsock;
run imklog;

# Use default timestamp format
set global(fileDefaultTemplate="RSYSLOG_TraditionalFileFormat");

ruleset default {
    # NOTE(review): this is the only "if" in the file written without "then".
    if pri("*.info;mail.none;authpriv.none;cron.none") {
        call omfile(file="/var/log/messages");
    }

    # The authpriv file has restricted access.
    # NOTE(review): the action below passes only file=; no mode or owner is set
    # here, so the restriction has to come from outside this config (existing
    # file permissions or the daemon's umask) -- verify on the target system.
    if pri("authpriv.*") then {
        call omfile(file="/var/log/secure");
    }

    # Log all the mail messages in one place.
    if pri("mail.*") then {
        call omfile(file="/var/log/maillog");
    }

    # Log cron stuff
    if pri("cron.*") then {
        call omfile(file="/var/log/cron");
    }

    # Everybody gets emergency messages
    if pri("*.emerg") then {
        call omusr(user="*");
    }

    # Save news errors of level crit and higher in a special file.
    if pri("uucp,news.crit") then {
        call omfile(file="/var/log/spooler");
    }

    # Save boot messages also to boot.log
    if pri("local7.*") then {
        call omfile(file="/var/log/boot.log");
    }
}

################## end of this config, new config follows ###############
# with a slight modification of the grammar, this could also be expressed
# as follows:
# BEGIN
#
# NOTE(review): as in the previous config, the two load statements below
# carry no terminating semicolon.
load imuxsock # provides support for local system logging (e.g. via logger command)
load imklog # provides kernel logging support (previously done by rklogd)

run imuxsock;
run imklog;

# Use default timestamp format
set global(fileDefaultTemplate="RSYSLOG_TraditionalFileFormat");

# same rules as the previous config, written with brace-less single actions
ruleset default {
    if pri("*.info;mail.none;authpriv.none;cron.none") then
        call omfile(file="/var/log/messages");

    # The authpriv file has restricted access.
    # NOTE(review): only file= is given; access restrictions on this file are
    # not set by this statement and must be enforced elsewhere -- verify.
    if pri("authpriv.*") then
        call omfile(file="/var/log/secure");

    # Log all the mail messages in one place.
    if pri("mail.*") then
        call omfile(file="/var/log/maillog");

    # Log cron stuff
    if pri("cron.*") then
        call omfile(file="/var/log/cron");

    # Everybody gets emergency messages
    if pri("*.emerg") then
        call omusr(user="*");

    # Save news errors of level crit and higher in a special file.
    if pri("uucp,news.crit") then
        call omfile(file="/var/log/spooler");

    # Save boot messages also to boot.log
    if pri("local7.*") then
        call omfile(file="/var/log/boot.log");
}