[rsyslog-notify] Forum Thread: Re: Retaining logs on the filesystem, but also forwarding - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue Apr 22 10:46:02 CEST 2014
User: cmacrae
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24572#p24572
Message:
----------
I have taken a look at the documentation and examples. rsyslog has very
good documentation and examples, so, I suppose it's down to my lack of
understanding of the order things are carried out.
I have the following in a file under /etc/rsyslog.d:
[code:1qnt0lae]$template
LogName,"/var/log/rsyslog/%HOSTNAME%.log"[/code:1qnt0lae]
Which satisfies the desired outcome for file level logs.
However, adding a forward rule at the end of /etc/rsyslog.conf, like so:
[code:1qnt0lae]*.* @localhost:5140[/code:1qnt0lae]
Doesn't seem to relay the messages to the process listening on localhost on
port 5140.
I can't see any traffic being sent when looking at a tcpdump.
I can only speculate that the rule mentioned above in the included
/etc/rsyslog.d config is catching the log input first, and so the forward
rule is never read. I need both to be applied.
More information about the rsyslog-notify
mailing list