Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


rsyslog_central_loghost

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revision Both sides next revision
rsyslog_central_loghost [2014/06/24 20:35]
admin [rsyslog - central loghost]
rsyslog_central_loghost [2014/06/24 21:14]
admin [rsyslog - central loghost]
Line 7: Line 7:
   * Reload iptables. <​code>​service iptables reload</​code>​   * Reload iptables. <​code>​service iptables reload</​code>​
   * Configure SELinux to allow remote logging over tcp. <​code>​semanage port -m -t syslogd_port_t -p tcp 514</​code>​   * Configure SELinux to allow remote logging over tcp. <​code>​semanage port -m -t syslogd_port_t -p tcp 514</​code>​
-  * Create rsyslog config **/​etc/​rsyslog.d/​loghost.conf*<​code>#​ Provides UDP syslog reception+  * Create rsyslog config
 +    * **/​etc/​rsyslog.conf** <​code>#​ Include all config files in /​etc/​rsyslog.d/​ 
 +$IncludeConfig /​etc/​rsyslog.d/​*.conf</​code>​ 
 +    ​/​etc/​rsyslog.d/​1-modules.conf ​<​code>​$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) 
 +$ModLoad imklog ​  # provides kernel logging support (previously done by rklogd) 
 +#$ModLoad immark ​ # provides --MARK-- message capability 
 + 
 +# Provides UDP syslog reception
 $ModLoad imudp $ModLoad imudp
 $UDPServerRun 514 $UDPServerRun 514
Line 15: Line 22:
 $InputTCPServerRun 514 $InputTCPServerRun 514
  
-Do not store loghost ​logs in remote ​directory +#### GLOBAL DIRECTIVES #### 
-:hostname, !isequal, "loghost" ​      ​~+ 
 +# Use default timestamp format 
 +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 
 + 
 +# File syncing capability is disabled by default. This feature is usually ​not required, 
 +# not useful and an extreme performance hit 
 +#​$ActionFileEnableSync on</​code>​ 
 +    * /​etc/​rsyslog.d/​2-loghost.conf <​code>#​ This one is the template to generate the log filename dynamically,​ depending on the client'​s IP address. 
 +$template FILENAME,"/​var/​log/​remote/​%fromhost-ip%-syslog.log"​ 
 + 
 +# Log all messages not from localhost to the dynamically formed file. 
 +:fromhost-ip, !isequal, "127.0.0.1" ​-?​FILENAME 
 +~</​code>​ 
 +    * /​etc/​rsyslog.d/​3-local.conf <​code>####​ RULES #### 
 + 
 +# Log all kernel messages to the console. 
 +# Logging much else clutters up the screen. 
 +#​kern.* ​                                                /​dev/​console 
 + 
 +# Log anything (except mail) of level info or higher. 
 +# Don't log private authentication messages! 
 +*.info;​mail.none;​authpriv.none;​cron.none ​               /​var/​log/​messages 
 + 
 +# The authpriv file has restricted access. 
 +authpriv.* ​                                             /​var/​log/​secure 
 + 
 +# Log all the mail messages in one place. 
 +mail.* ​                                                 -/​var/​log/​maillog 
 + 
 + 
 +# Log cron stuff 
 +cron.* ​                                                 /​var/​log/​cron 
 + 
 +# Everybody gets emergency messages 
 +*.emerg ​                                                * 
 + 
 +# Save news errors of level crit and higher in a special file. 
 +uucp,​news.crit ​                                         /​var/​log/​spooler
  
-$template FILE"/var/log/remote/​%HOSTNAME$.log+# Save boot messages also to boot.log 
-*.* ?FILE +local7.* ​                                               ​/var/log/boot.log</​code>​
-</​code>​+
   * Restart rsyslog service. <​code>​service rsyslog restart</​code>​   * Restart rsyslog service. <​code>​service rsyslog restart</​code>​
-  *  
rsyslog_central_loghost.txt · Last modified: 2014/06/24 21:19 by admin