
Is there any way to retrieve the severity level of the messages from the system log in Linux?


Is there any way to retrieve the severity level of the messages from the system log in Linux? I have tried the following after becoming root:

 1.  sudo vim rsyslog.conf
 2.  tried to add the following lines of code so that I could send every level
     to separate files:

  ## ------------------------------------------------------------------ #
  ## All levels in a separate file
  *.emerg                         -/var/log/log.0_emergency
  *.alert;*.!emerg                -/var/log/log.1_alert
  *.crit;*.!alert                 -/var/log/log.2_critical
  *.err;*.!crit                   -/var/log/log.3_error
  *.warning;*.!err                -/var/log/log.4_warning
  *.notice;*.!warning             -/var/log/log.5_notice
  *.info;*.!notice                -/var/log/log.6_info
  *.debug;*.!info                 -/var/log/log.7_debug

 3.  :wq  to save and quit vim

However, this does not get saved. Could someone guide me?


Solution

  • I'm not as familiar with the older format (and I've not tested this), but this may do what you're looking for:

    ## ------------------------------------------------------ #
    ## All levels in a separate file
    *.emerg                         -/var/log/log.0_emergency
    & stop
    
    *.alert;*.!emerg                -/var/log/log.1_alert
    & stop
    
    *.crit;*.!alert                 -/var/log/log.2_critical
    & stop
    
    *.err;*.!crit                   -/var/log/log.3_error
    & stop
    
    *.warning;*.!err                -/var/log/log.4_warning
    & stop
    
    *.notice;*.!warning             -/var/log/log.5_notice
    & stop
    
    *.info;*.!notice                -/var/log/log.6_info
    & stop
    
    *.debug;*.!info                 -/var/log/log.7_debug
    & stop
    

    This would end up being my approach just because I like how precise the "advanced" format is:

    if ($syslogfacility-text == 'auth') 
        or ($syslogfacility-text == 'authpriv') then {
    
        action(
            name="auth-log"
            type="omfile"
            file="/var/log/auth.log")
    
        stop
    }
    
    # Keep cron messages in their own dedicated file
    if ($syslogfacility-text == 'cron') then {
        action(
            name="cron-log"
            type="omfile"
            file="/var/log/cron.log")
    
        stop
    }
    

    Set up as many of those blocks as you need to filter based on facility, severity, programname or any number of other message or system properties.

    Docs:

    EDIT: rep is too low to respond to comments (odd design choice), so posting reply here.

    Re how to save the file:

    If you are referring to "saving" in the sense of your modifications to the file, make sure that you are modifying the correct file. Run sudo nano /etc/rsyslog.conf and then make your changes. Press Ctrl-X to attempt to quit, and answer Y to saving the changes. Run sudo rsyslogd -N2 to test your configuration and then restart rsyslog via sudo service rsyslog restart.
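
Added example (not part of the original question or answer, and not taken from the rsyslog project's own files): an advanced-format configuration that writes each message to a file named after its severity and records facility.severity in every line, so the level can be read back from the log afterwards. The drop-in file name, template names, action names and paths are assumptions chosen for illustration.

```rsyslog
# Added example: hypothetical drop-in, e.g. /etc/rsyslog.d/10-by-severity.conf
# (file name and the /var/log/by-severity directory are assumptions).

# Line format that records facility.severity for every message, so the
# level can be read back from the file later (the default format omits it).
template(name="SeverityLine" type="string"
    string="%timegenerated:::date-rfc3339% %hostname% %syslogfacility-text%.%syslogseverity-text% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

# File name built from the severity of each message:
# emerg.log, alert.log, crit.log, err.log, warning.log, notice.log,
# info.log, debug.log
template(name="PerSeverityFile" type="string"
    string="/var/log/by-severity/%syslogseverity-text%.log")

# One action replaces the eight selector lines: rsyslog picks the target
# file per message. No "stop", so the distribution's own rules still run.
action(
    name="by-severity"
    type="omfile"
    dynaFile="PerSeverityFile"
    template="SeverityLine"
    createDirs="on"
    dirCreateMode="0750"
    fileCreateMode="0640")

# Numeric severity: 0 emerg, 1 alert, 2 crit, 3 err, 4 warning,
# 5 notice, 6 info, 7 debug. Lower number means more severe.
# Keep an extra copy of everything at "err" or worse in one file.
if ($syslogseverity <= 3) then {
    action(
        name="errors-and-worse"
        type="omfile"
        file="/var/log/errors-and-worse.log"
        template="SeverityLine")
}
```

Validate the file with rsyslogd -N2 and restart rsyslog, as described in the answer above, before relying on the new files.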