[rsyslog] rsyslog changelog
aoz.syn at gmail.com
Tue Mar 10 18:14:20 CET 2009
On Tue, Mar 10, 2009 at 04:28, jack marrow <jackmarrow2 at gmail.com> wrote:
> 2009/3/10 Rainer Gerhards <rgerhards at hq.adiscon.com>:
>> Please post configs and elaborate a bit more about what you are trying
>> to accomplish and what you have set up.
> I am evaluating rsyslog at the moment.
> I would like to know if I can use it for log collection on the client
> for writing on the server. The server must know which log file is
This is more a "basic understanding of logging" question than one
specific to rsyslog. Generally speaking, log daemons just log what
client apps tell them to - httpd says, "I'm facility 6 and <foo> is my
critical message". If the local log daemon is sending logs upstream,
it will basically tell the upstream server "I'm myhostname and httpd
(facility 6) just said <foo> with a critical priority". If all your
daemons (httpd, vsftpd, etc.) log directly to the local syslog as
opposed to a flat file, things should "just work".
However, if you're configuring your "client" syslog instance to follow
/var/log/httpd/access and retransmit that data to an upstream server,
all that metadata (application name, facility, priority, etc) is lost.
Hence, you must configure your client syslog to inject that data -
with rsyslog, that would be done something like this:
That sets up a monitor that polls /var/log/httpd/access every 5
seconds, prepends "http_access" to every line, and sends it via UDP to
More information about the rsyslog