Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace:
rsyslog_central_loghost

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
rsyslog_central_loghost [2014/06/24 17:52] – [rsyslog - central loghost] adminrsyslog_central_loghost [2014/06/24 18:35] – [rsyslog - central loghost] admin
Line 6: Line 6:
 -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT</code> -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT</code>
   * Reload iptables. <code>service iptables reload</code>   * Reload iptables. <code>service iptables reload</code>
 +  * Configure SELinux to allow remote logging over tcp. <code>semanage port -m -t syslogd_port_t -p tcp 514</code>
   * Create rsyslog config **/etc/rsyslog.d/loghost.conf** <code># Provides UDP syslog reception   * Create rsyslog config **/etc/rsyslog.d/loghost.conf** <code># Provides UDP syslog reception
 $ModLoad imudp $ModLoad imudp
Line 12: Line 13:
 # Provides TCP syslog reception # Provides TCP syslog reception
 $ModLoad imtcp $ModLoad imtcp
-$InputTCPServerRun 514</code>+$InputTCPServerRun 514 
 + 
 +# Do not store loghost logs in remote directory 
 +:hostname, !isequal, "loghost"       ~ 
 + 
 +$template FILE. "/var/log/remote/%HOSTNAME$.log" 
 +*.* ?FILE 
 +</code>
   * Restart rsyslog service. <code>service rsyslog restart</code>   * Restart rsyslog service. <code>service rsyslog restart</code>
   *    * 
rsyslog_central_loghost.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1