u/JustCallMeBigD

Any rsyslog gurus in the house?

I am trying to collect and organize logs from my Windows servers on my syslog server.

The syslog server is openSUSE Leap 16 using rsyslog, and my Windows servers send their events to it through SolarWinds Event Log Forwarder for Windows.

Ideally, I would like to have a folder for each server, and within that folder will be a log file for security events, a file for Windows events, a file for Active Directory events, etc.

As I have it now, my rules are filtering all events from a particular system into a dedicated file, and it's ridiculously painful trying to extract anything useful from them in a timely manner.

I am trying to set up a dynamic file naming structure and filtering rules to handle this, but what I have isn't working and I don't understand why/where I went wrong.

This is what I currently have:

template(name="SolarWindsDynamicPath" type="list") {
   constant(value="/var/log/syslog/servers/")

   # hostname is supplied by the sender and becomes a directory name;
   # securepath="replace" turns any "/" into "_" so a sender cannot add
   # extra path components to the file name
   property(name="hostname" securepath="replace")
   constant(value="/")

   # $now expands to the current date as YYYY-MM-DD
   property(name="$now")
   constant(value="-")

   # rsyslog's default regex.type is BRE, where "+" and "(...)" are literal
   # characters and submatch 1 never exists; this expression needs ERE.
   # nomatchmode="FIELD" would copy the whole message into the file name
   # when the expression does not match, so BLANK is used instead.
   property(
       name="msg"
       regex.type="ERE"
       regex.expression="MSWinEventLog#[0-9]+#([A-Za-z0-9 ]+)"
       regex.submatch="1"
       regex.nomatchmode="BLANK"
       caseconversion="lower"
       securepath="replace"
   )

   constant(value=".log")
}

# one line per event: RFC 3339 timestamp, sending host, raw message with
# control characters removed
template(name="CleanLogLine" type="list") {
   property(name="timestamp" dateFormat="rfc3339")
   constant(value=" ")
   property(name="hostname")
   constant(value=" ")

   property(name="rawmsg" controlcharacters="drop")
   constant(value="\n")
}

# route SolarWinds events to the per-host, per-channel file and stop
# processing so they do not also land in the default log files
if ($msg contains "MSWinEventLog") then {
   action(type="omfile" dynaFile="SolarWindsDynamicPath" template="CleanLogLine")
   stop
}

It passes the rsyslogd syntax check, but it doesn't work and my server logs are just going into the generic 'warn' log file specified in rsyslog.conf.

Any advice is appreciated!

reddit.com
u/JustCallMeBigD — 3 days ago
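The path-building logic of the SolarWindsDynamicPath template, reimplemented in Python as an added illustration (it is not part of the post and not rsyslog code) so the two things worth checking can be seen on sample input: the expression only yields a channel name under ERE semantics (rsyslog's default regex.type is BRE, where "+" and the parentheses are literal), and the hostname that ends up in the directory name is whatever the sender put on the wire, so it gets the same slash-neutralising treatment as rsyslog's securepath="replace" option, plus a rejection of "." and ".." that is an extra check here, not an rsyslog feature. The sample events, their "#"-delimited field order (chosen to fit the poster's regex, not taken from SolarWinds documentation), the fixed date standing in for $now and the "unparsed" fallback name are all constructed for this example.

```python
import re
from datetime import date

LOG_ROOT = "/var/log/syslog/servers"
TODAY = date(2025, 5, 1)  # stands in for rsyslog's $now (assumed fixed date)

# The poster's expression, compiled with Python's ERE-like syntax. Under
# rsyslog's default regex.type="BRE", "+" and "(...)" are literal characters,
# so submatch 1 never exists; regex.type="ERE" gives the meaning used here.
CHANNEL_RE = re.compile(r"MSWinEventLog#[0-9]+#([A-Za-z0-9 ]+)")

# Constructed sample events as (hostname, msg). The "#"-delimited layout
# follows the poster's regex; it is not taken from SolarWinds documentation.
SAMPLE_EVENTS = [
    ("DC01", "MSWinEventLog#1#Security#4624#An account was successfully logged on"),
    ("FS02", "MSWinEventLog#1#System#7036#The Print Spooler service entered the running state"),
    ("DC01", "MSWinEventLog#0#Directory Service#1644#Expensive LDAP search"),
    ("../../etc", "MSWinEventLog#1#Security#4625#An account failed to log on"),
    ("DC01", "heartbeat from an agent that does not use the MSWinEventLog format"),
    ("..", "MSWinEventLog#1#Security#4624#An account was successfully logged on"),
]


def secure_component(value: str) -> str:
    """Mimic rsyslog's securepath="replace": every "/" becomes "_", so a value
    the sender controls can only ever be a single path component. Rejecting
    "", "." and ".." is an extra check added here, not an rsyslog option."""
    cleaned = value.replace("/", "_")
    if cleaned in ("", ".", ".."):
        raise ValueError(f"unsafe path component: {value!r}")
    return cleaned


def channel_of(msg: str, nomatchmode: str = "BLANK") -> str:
    """regex.submatch="1" with caseconversion="lower"; the no-match branch
    follows rsyslog's regex.nomatchmode values (FIELD, BLANK, DFLT)."""
    m = CHANNEL_RE.search(msg)
    if m:
        return m.group(1).lower()
    if nomatchmode == "FIELD":
        return msg  # the whole property: the message text becomes the file name
    if nomatchmode == "BLANK":
        return ""
    return "**NO MATCH**"  # DFLT


def dynafile_path(hostname: str, msg: str, nomatchmode: str = "BLANK") -> str:
    """Build the same path as the SolarWindsDynamicPath template."""
    host = secure_component(hostname)
    channel = channel_of(msg, nomatchmode) or "unparsed"  # assumed fallback name
    channel = secure_component(channel)
    return f"{LOG_ROOT}/{host}/{TODAY.isoformat()}-{channel}.log"


def route_samples(nomatchmode: str = "BLANK") -> list:
    """Resolve every sample event; returns the path or the rejection reason."""
    out = []
    for host, msg in SAMPLE_EVENTS:
        try:
            out.append(dynafile_path(host, msg, nomatchmode))
        except ValueError as exc:
            out.append(f"REJECTED: {exc}")
    return out


if __name__ == "__main__":
    for line in route_samples():
        print(line)
    print("with nomatchmode=FIELD:", route_samples("FIELD")[4])
```

Two things the run makes visible: the space inside "directory service.log" comes straight from the "[A-Za-z0-9 ]" class, and with nomatchmode FIELD the fifth sample's entire message text becomes the file name. Neither of these, nor the BRE/ERE distinction, is caught by `rsyslogd -N1`, which only checks syntax.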
▲ 4 r/LSD

I mean... How?..

I mean, well, I know how... I guess I'm just at that stage where you're like

  1. "okay, these are the facts, you ask, how is that even possible if this is my perception right now?!"

"how, srsly, is this even happening rn?"?!

**did it?
0 = my perception??

aware of spelling/grammar replies? fucks given = 0

  1. "explain yourself!"

avscentt-touch

can't, 0 fucks

  1. "stop trying to justify everything-notgoddhappen"

won't

you're fucking nuts

yeah duh

Fake! AI! +, anyway so dassnwaidfuck you expect something in myanidly-deteriorating AI!

questioning reality - did it happen?

srsly what is happening?! 8understand tha o

question to question **!*~!ery

Di?

?..

thing

only one look-over

¯\_(̲̅ ͡° ͜ʖ ͡°̲̅)_/¯

..............>>>>>>>>>>>>>....................?????????...........................................!!!!!!!!!'

u/JustCallMeBigD — 6 days ago
▲ 2 r/kde

For those who love Kmail/Kontact but are frustrated with incoming EOL/M365 messages, I might have a 'fix'.

So I was going through my settings the other day, trying to tweak things like expiry times and folder icons, and I noticed a checked checkbox... Interesting, I thought...

So I opened the root folder properties for my mailbox, and the checkbox was ticked there as well. So I unchecked it, and suddenly, I'm getting email alerts for new messages on my M365 mailboxes!

So, for starters, this is how I have my receiving connector set up.

https://preview.redd.it/wd6xnlfybc1h1.png?width=633&format=png&auto=webp&s=cd6c1ce656846e17d1abe2d37c521ffe187369d3

This is the root folder I'm talking about:

https://preview.redd.it/z5p0v9mxcc1h1.png?width=295&format=png&auto=webp&s=83c10df242a23ca09b0a62c740a25711c61a042e

And here is the offending option in the folder properties, uncheck 'Use options from parent' and set a time interval below with 1 minute being the most frequent:

https://preview.redd.it/sewkgeqcdc1h1.png?width=619&format=png&auto=webp&s=9d9309c6fb4175229ff20023265189f3dead4bf3

YMMV, but it's working for me, and I hope it works for you, too!

u/JustCallMeBigD — 7 days ago

Been using Linux/openSUSE for the last 5 years or so, but recently doubled down on the migration after moving my last remaining computer (my gaming rig) to openSUSE as well.

As a result, I'm beginning to delve into the deep world of OS customization.

My latest effort: I've spent a considerable amount of time tailoring my FF to a concise-yet-appealing output.

https://preview.redd.it/9188ztmnfayg1.png?width=1920&format=png&auto=webp&s=bf3a4dda997f8219d1c7f87c75aa7cc00b732108

I know I used another person's config as inspiration, but I still wanted to share the config that makes me smile.

{
  "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
  "logo": {
    "type": "builtin",
    "source": "tumbleweed",
    "padding": {
      "top": 6,
      "right": 10,
      "bottom": 0,
      "left": 10
    },
    "color": {
      "1": "green"
    }
  },
  ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  "display": {
    // boolean, not the string "true"
    "brightColor": true,
    "separator": "",
    "key": {
      "width": 15
    },
    // {$1}..{$7}: cursor moves (right 49/48/88, left 20) and colours (grey, magenta, green)
    "constants": [
      "\u001b[49C",
      "\u001b[48C",
      "\u001b[88C",
      "\u001b[20D",
      "\u001b[90m",
      "\u001b[35m",
      "\u001b[32m"
    ]
  },
  ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  "modules": [
    "break",
    {
      "type": "custom",
      "format": " {$5}┏━━━┫{$7}Hardware{$5}┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓"
    },
    {
      "type": "host",
      "key": " ║ 󰌢 PC {$1} {$5}┃",
      "format": "{vendor} {name} (SKU:{sku})",
      "keyColor": "green"
    },
    {
      "type": "chassis",
      "key": " ║  Form {$1} {$5}┃",
      "keyColor": "green"
    },
    {
      "type": "cpu",
      "key": " ║ ╭─ :{$1} {$5}┃",
      "format": "{name} ({cores-physical}C/{cores-logical}T) @ {freq-max}",
      "keyColor": "green"
    },
    {
      "type": "gpu",
      "key": " ╟───┼─󰍹 :{$1} {$5}┃",
      "keyColor": "green"
    },
    {
      "type": "battery",
      "key": " ║ ├─🗲 :{$1} {$5}┃",
      "percent": {
        "type": 2,
        "green": 40,
        "yellow": 20,
        "red": 0
      },
      "format": "{capacity-bar} {temperature} {time-formatted} [{status}]",
      "keyColor": "green"
    },
    {
      "type": "memory",
      "key": " ║ ├─󰑭 :{$1} {$5}┃",
      "percent": {
        "type": 2,
        "green": 50,
        "yellow": 75
      },
      "keyColor": "green"
    },
    {
      "type": "disk",
      "key": " ║ ├─󰋊 :{$1} {$5}┃",
      "percent": {
        "type": 2,
        "green": 80,
        "yellow": 95
      },
      "keyColor": "green"
    },
    {
      "type": "sound",
      "key": " ║ ├─🕪 :{$1} {$5}┃",
      "percent": {
        "type": 2,
        "green": 60,
        "yellow": 85
      },
      "format": "{volume-percentage-bar} {name}",
      "keyColor": "green"
    },
    {
      "type": "bluetoothradio",
      "key": " ║ ├─ :{$1} {$5}┃",
      "format": "{vendor} v.{version}",
      "keyColor": "green"
    },
    {
      "type": "wifi",
      "key": " ║ ├─ :{$1} {$5}┃",
      "percent": {
        "type": 2,
        "green": 50,
        "yellow": 25,
        "red": 0
      },
      "format": "{signal-quality-bar} {status} {security} Ch.{channel} Fq.{band}",
      "keyColor": "green"
    },
    {
      // the stray "{vendor} v.{version}" format copied from the bluetooth module was removed here
      "type": "netio",
      "key": " ║ ╰─🖧 :{$1} {$5}┃",
      "format": "active: {ifname} rx:{rx-size} tx:{tx-size}",
      "keyColor": "green"
    },
    {
      "type": "custom",
      "format": " {$5}┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛"
    },
    "break",
    {
      "type": "custom",
      "format": " {$5}┏━━━┫{$7}Software{$5}┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓"
    },
    {
      "type": "os",
      "key": " ║  OS {$1} {$5}┃",
      "keyColor": "yellow"
    },
    {
      "type": "kernel",
      "key": " ║ ╭─󰌽 :{$1} {$5}┃",
      "format": "{sysname} v.{release}-{arch}",
      "keyColor": "yellow"
    },
    {
      "type": "bios",
      "key": " ╟───┼─ :{$1} {$5}┃",
      "format": "BIOS v.{version} {type}",
      "keyColor": "yellow"
    },
    {
      "type": "tpm",
      "key": " ║ ├─ :{$1} {$5}┃",
      "format": "TPM v.{version}",
      "keyColor": "yellow"
    },
    {
      "type": "packages",
      "key": " ║ ├─󰏗 :{$1} {$5}┃",
      "keyColor": "yellow"
    },
    {
      "type": "shell",
      "key": " ║ ╰─󰞷 :{$1} {$5}┃",
      "keyColor": "yellow"
    },
    {
      "type": "de",
      "key": " ║ 󰧨 DE {$1} {$5}┃",
      "keyColor": "blue"
    },
    {
      "type": "lm",
      "key": " ║ ╭─󰍁 :{$1} {$5}┃",
      "keyColor": "blue"
    },
    {
      "type": "wm",
      "key": " ╟───┼─󱂬 :{$1} {$5}┃",
      "keyColor": "blue"
    },
    {
      "type": "wmtheme",
      "key": " ║ ├─󰉦 :{$1} {$5}┃",
      "keyColor": "blue"
    },
    {
      "type": "terminal",
      "key": " ║ ╰─󰆍 :{$1} {$5}┃",
      "keyColor": "blue"
    },
    {
      "type": "custom",
      "format": " {$5}┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛"
    },
    "break",
    {
      "type": "custom",
      "format": " {$5}┏━━━┫{$7}Uptime / Age / Date{$5}┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓"
    },
    {
      // days since the root filesystem was created (stat %W = birth time)
      "type": "command",
      "key": " {$5}┃{$6} OS Age: {$2}{$5}┃",
      "keyColor": "magenta",
      "text": "birth_install=$(stat -c %W /); current=$(date +%s); time_progression=$((current - birth_install)); days_difference=$((time_progression / 86400)); echo $days_difference days"
    },
    {
      "type": "uptime",
      "key": " {$5}┃{$6} ⮝ Time: {$2}{$5}┃",
      "keyColor": "magenta"
    },
    {
      "type": "datetime",
      "key": " {$5}┃{$6}  Time: {$2}{$5}┃",
      "keyColor": "magenta"
    },
    {
      "type": "custom",
      "format": " {$5}┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛"
    },
    {
      "type": "colors",
      "paddingLeft": 6,
      "symbol": "circle"
    },
    "break"
  ]
}

Hope you like, and if so, hope you use my config for inspiration. 🤗

u/JustCallMeBigD — 22 days ago

Over the last week or so, I've been obsessed with making a super-deluxe command prompt. Currently, my config is inspired by powerline, but with my own personal touch.

https://preview.redd.it/1tp7gtgcdvxg1.png?width=1920&format=png&auto=webp&s=74b83a9799e30758917625e8e741a711cc9b00dc

.bashrc for regular users
# Print a "│ " marker on the line above the cursor without moving it:
# tput sc saves the cursor, cuu1 goes up one line, rc restores the position.
cont_line() {
   tput sc
   tput cuu1
   #echo "├─\[\e[32m\]🖝 \[\e[0m\] "
   echo "│ "
   tput rc
}

# Same trick, printing a green check mark on the line above once a command is run.
cmd_line() {
   tput sc
   tput cuu1
   echo "│ \[\e[32m\]✓\[\e[0m\] "
   tput rc
}

# PS0 is printed after a command is read and before it runs, PS1 is the main
# prompt (host and user, then the working directory, then the input line),
# PS2 is the continuation prompt. Note that $(cmd_line) and $(cont_line) are
# expanded once here, at assignment time, so the tput escape bytes are stored
# in the variables as literal text.
export PS0="$(cmd_line)╰\[\e[32m\]🖝  \u @ \t 🖣\[\e[0m\]\n"
export PS1="\n╭──\[\e[97;48;5;244m\] \h \[\e[38;5;244;48;5;34m\]\[\e[38;5;232;1m\] \u \[\e[0m\] \n├──\[\e[38;5;214;1m\]🖿  \w\[\e[0m\]\n╰🖝  "
export PS2="$(cont_line)╰─🖝  "

.bashrc for root
# Same helpers as in the user .bashrc; the root prompt uses red and the full
# hostname (\H) so a root shell is visually distinct from a user shell.
cont_line() {
   tput sc
   tput cuu1
   #echo "├─\[\e[32m\]🖝 \[\e[0m\] "
   echo "│ "
   tput rc
}

cmd_line() {
   tput sc
   tput cuu1
   echo "│ \[\e[32m\]✓\[\e[0m\] "
   tput rc
}

#echo -e '\e[3 q'
# load shell aliases if the file exists and is non-empty
test -s ~/.alias && . ~/.alias || true

export PS0="$(cmd_line)╰\[\e[31m\]🖝  \u @ \t 🖣\[\e[0m\]\n\n"
export PS1="\n╭──\[\e[97;48;5;244m\] \H \[\e[38;5;244;48;5;196m\]\[\e[38;5;232;1m\] ⁑\u⁑ \[\e[0m\] \n├──\[\e[38;5;214;1m\]🖿  \w\[\e[0m\]\n╰🖝  "
export PS2="$(cont_line)╰─🖝  "

Show me your kewl prompts, plz 😎

u/JustCallMeBigD — 24 days ago