Ben's notes

Linux, Unix, network, radio...


rsyslog_central_loghost

Differences

This shows you the differences between two versions of the page.

rsyslog_central_loghost [2014/06/24 18:35] – [rsyslog - central loghost] admin
rsyslog_central_loghost [2021/10/09 15:14] (current) – external edit 127.0.0.1
Line 7: Line 7:
   * Reload iptables. <code>service iptables reload</code>   * Reload iptables. <code>service iptables reload</code>
   * Configure SELinux to allow remote logging over tcp. <code>semanage port -m -t syslogd_port_t -p tcp 514</code>   * Configure SELinux to allow remote logging over tcp. <code>semanage port -m -t syslogd_port_t -p tcp 514</code>
-  * Create rsyslog config **/etc/rsyslog.d/loghost.conf*<code># Provides UDP syslog reception+  * Create rsyslog config
 +    * **/etc/rsyslog.conf** <code># Include all config files in /etc/rsyslog.d/ 
 +$IncludeConfig /etc/rsyslog.d/*.conf</code> 
 +    /etc/rsyslog.d/1-modules.conf <code>$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) 
 +$ModLoad imklog   # provides kernel logging support (previously done by rklogd) 
 +#$ModLoad immark  # provides --MARK-- message capability 
 + 
 +# Provides UDP syslog reception
 $ModLoad imudp $ModLoad imudp
 $UDPServerRun 514 $UDPServerRun 514
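Review bot: The new 1-modules.conf keeps `$ModLoad imudp` and `$UDPServerRun 514`, so the loghost listens for syslog on UDP 514 as well, while the steps above only describe allowing "remote logging over tcp" and nothing in this hunk limits who may send. If clients are meant to use TCP only, drop the two imudp lines; if UDP is wanted, say so in the step and restrict senders, for example with an `$AllowedSender` line per protocol plus a matching source restriction in iptables. Style: the `/etc/rsyslog.d/1-modules.conf` entry has no `*` list marker and no bold, unlike the `**/etc/rsyslog.conf**` item just above it, so it will not render as its own sub-item.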
Line 15: Line 22:
 $InputTCPServerRun 514 $InputTCPServerRun 514
  
-Do not store loghost logs in remote directory +#### GLOBAL DIRECTIVES #### 
-:hostname, !isequal, "loghost      ~+ 
 +# Use default timestamp format 
 +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 
 + 
 +# File syncing capability is disabled by default. This feature is usually not required, 
 +# not useful and an extreme performance hit 
 +#$ActionFileEnableSync on</code> 
 +    * /etc/rsyslog.d/2-loghost.conf <code># This one is the template to generate the log filename dynamically, depending on the client's IP address. 
 +$template FILENAME,"/var/log/remote/%HOSTNAME%-syslog.log" 
 + 
 +# Log all messages not from localhost to the dynamically formed file. 
 +:fromhost-ip, !isequal, "127.0.0.1-?FILENAME 
 +~</code> 
 +    * /etc/rsyslog.d/3-local.conf <code>#### RULES #### 
 + 
 +# Log all kernel messages to the console. 
 +# Logging much else clutters up the screen. 
 +#kern.*                                                 /dev/console 
 + 
 +# Log anything (except mail) of level info or higher. 
 +# Don't log private authentication messages! 
 +*.info;mail.none;authpriv.none;cron.none                /var/log/messages 
 + 
 +# The authpriv file has restricted access. 
 +authpriv.*                                              /var/log/secure 
 + 
 +# Log all the mail messages in one place. 
 +mail.*                                                  -/var/log/maillog 
 + 
 + 
 +# Log cron stuff 
 +cron.*                                                  /var/log/cron 
 + 
 +# Everybody gets emergency messages 
 +*.emerg                                                 * 
 + 
 +# Save news errors of level crit and higher in a special file. 
 +uucp,news.crit                                          /var/log/spooler
  
-$template FILE"/var/log/remote/%HOSTNAME$.log+# Save boot messages also to boot.log 
-*.* ?FILE +local7.*                                                /var/log/boot.log</code>
-</code>+
   * Restart rsyslog service. <code>service rsyslog restart</code>   * Restart rsyslog service. <code>service rsyslog restart</code>
-  *  
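Review bot: In 2-loghost.conf the comment says the filename depends on the client's IP address, but the template uses `%HOSTNAME%`, which comes from the message the client sends. A client can therefore write into another host's file or create as many files under /var/log/remote/ as it likes. Use `%FROMHOST-IP%` in the template, which matches the `fromhost-ip` filter on the next rule, or correct the comment if naming by reported hostname is intended. As rendered here the filter line also has no closing quote after `127.0.0.1` and no space before `-?FILENAME`, which is worth checking in the page source. The discard `~` only keeps remote messages out of /var/log/messages because 2-loghost.conf is included before 3-local.conf; a comment stating that ordering dependency would help the next editor.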
rsyslog_central_loghost.1403634901.txt.gz · Last modified: 2014/06/24 18:35 by admin