[rsyslog-notify] Forum Thread: Syslog forward logs to Rsyslog centralize - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Sat Feb 15 05:49:39 CET 2014 

User: trungmv 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24233#p24233

Message: 
----------
Hello Experts,

I have 2 system running difference logging, 1 is syslog and other is
rsyslog
Rsyslog is the centralize logging.
I want to configuration syslog forward logs to centralize logging
On syslog server i configured:
[code:10rgkfll]vi /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Forward logging to Centralized Log System
*.* @10.126.122.26:514
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none               
/var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                 
-/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                         
/var/log/spooler
# Save boot messages also to boot.log
local7.*                                               
/var/log/boot.log
[/code:10rgkfll]

On centralize logging i configured:
[code:10rgkfll]# Input Modules -----------------------------------This line
is comment
#--------------------------------------------------This line is comment
#$ModLoad impstats.so
#$PStatsInterval 300
syslog.info  /var/log/rsyslog-stats
#--------------------------------------------------This line is comment
#$ModLoad immark.so      # provides --MARK-- message capability
#$ModLoad imuxsock.so    # provides support for local system logging
(via logger command)
#$ModLoad imklog.so      # provides kernel logging support (previously
done by rklogd)
#--------------------------------------------------This line is comment
$ModLoad imudp.so       # provides UDP syslog reception
$UDPServerAddress *     # all local interfaces
$UDPServerRun 514       # start UDP server (log server receiver)
#--------------------------------------------------This line is comment
$ModLoad imtcp.so       # provides TCP syslog reception and GSS-API (if
compiled)
$InputTCPServerRun 514  # start TCP server (log server receiver)
#--------------------------------------------------This line is comment
$ModLoad imrelp.so      # RELP input
$InputRELPServerRun 20514 # start RELP Protocol
#--------------------------------------------------This line is comment
$ModLoad imfile.so      # Text file input
$InputFileName /var/log/i-am-a-text-file.log
$InputFileTag my-text-file:
$InputFileStateFile stat-file1
$InputFileSeverity error
$InputFileFacility local7
$InputFilePollInterval 10 # check for new lines every 10 seconds

$InputRunFileMonitor
#--------------------------------------------------This line is comment
#$ModLoad imgssapi.so   # Plain TCP and GSSAPI
#$ModLoad im1395.so     # Messages via RFC1395

# Output Modules ----------------------------------This line is comment
#--------------------------------------------------This line is comment
$ModLoad omsnmp.so      # Send SNMP traps
#$actionsnmptransport udp
#$actionsnmptarget 192.168.x.x
#$actionsnmptargetport 162
#$actionsnmpversion 1
#$actionsnmpcommunity public
#*.* :omsnmp:
#--------------------------------------------------This line is comment
$ModLoad ommysql.so     # Log to MySQL
#$ModLoad ompgsql.so    # Log to PostgreSQL

#--------------------------------------------------This line is comment
$ModLoad omrelp.so      # Send to another host via RELP
#$ModLoad omlibdbi.so   # Log via generic DB output
#$ModLoad omgss.so      # GSS enabled output
# Globals -----------------------------------------This line is comment
$umask 0000
$DirCreateMode 0640
$FileCreateMode 0640
$RepeatedMsgReduction on

$WorkDirectory /var/log/rsyslog  # default location for work (spool) files
$ActionQueueType LinkedList      # use asynchronous processing
$ActionQueueFileName queue       # set file name, also enables disk mode
$ActionResumeRetryCount -1       # infinite retries on insert failure
$ActionQueueSaveOnShutdown on    # save in-memory data if rsyslog shuts
down
$MainMsgQueueMaxFileSize 100M
[/code:10rgkfll]

Although, on Centralized logging i still received the logs from other
systems which installed agent to forward logs to centralized
But i still did not receive logs from syslog.
How i can resolved this issue?

Any help is appreciated,


Best regards,

More information about the rsyslog-notify mailing list