Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace:
rsyslog_central_loghost

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
rsyslog_central_loghost [2014/06/24 17:52] – [rsyslog - central loghost] adminrsyslog_central_loghost [2014/06/24 18:34] – [rsyslog - central loghost] admin
Line 6: Line 6:
 -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT</code> -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT</code>
   * Reload iptables. <code>service iptables reload</code>   * Reload iptables. <code>service iptables reload</code>
 +  * Configure SELinux to allow remote logging over tcp. <code>semanage port -m -t syslogd_port_t -p tcp</code>
   * Create rsyslog config **/etc/rsyslog.d/loghost.conf** <code># Provides UDP syslog reception   * Create rsyslog config **/etc/rsyslog.d/loghost.conf** <code># Provides UDP syslog reception
 $ModLoad imudp $ModLoad imudp
Line 12: Line 13:
 # Provides TCP syslog reception # Provides TCP syslog reception
 $ModLoad imtcp $ModLoad imtcp
-$InputTCPServerRun 514</code>+$InputTCPServerRun 514 
 + 
 +# Do not store loghost logs in remote directory 
 +:hostname, !isequal, "loghost"       ~ 
 + 
 +$template FILE. "/var/log/remote/%HOSTNAME$.log" 
 +*.* ?FILE 
 +</code>
   * Restart rsyslog service. <code>service rsyslog restart</code>   * Restart rsyslog service. <code>service rsyslog restart</code>
   *    * 
rsyslog_central_loghost.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1