[rsyslog-notify] Forum Thread: Re: imtcp maxsessions - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Jun 11 06:36:10 CEST 2015 

User: nottoosmart 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25678#p25678

Message: 
----------
Here's our config:


# Use FQDN for hostname field
$PreserveFQDN on

# MODULES
module(load="imuxsock")         # Provides support for local system logging
module(load="imklog")           # Provides kernel logging support

module(load="imudp")            # Provides UDP syslog reception
input(type="imudp"
      port="514")

module(load="imtcp"             # Provides TCP syslog reception
       KeepAlive="on"
       KeepAlive.Probes="3"
       KeepAlive.Interval="120"
       KeepAlive.Time="500")
input(type="imtcp"
      port="514")

module(load="imrelp")           # Provides RELP syslog reception
input(type="imrelp"
      port="5040"
      tls="on"
      KeepAlive="on"
      KeepAlive.Probes="3"
      KeepAlive.Interval="120"
      KeepAlive.Time="500")

module(load="omprog")   # Provides ability to run a binary

# Provides periodic output of rsyslog internal counters
module(load="impstats" severity="7" resetCounters="on")


# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0002

if $fromhost-ip == "127.0.0.1" then {

  # Gather stats from rsyslog
  syslog.=debug  /var/log/rsyslog-stats

  # Log anything info level or higher. A lot of things go into their own
file.
  *.info;mail,authpriv,cron,local2,local3,local5,local6.none 
-/var/log/messages

  # The authpriv file has restricted access.
  auth.*,authpriv.*  -/var/log/secure

  # Log all the mail messages in one place.
  mail.*  -/var/log/maillog

  # Log all cron messages in one place.
  cron.*  -/var/log/cron

  # Everybody gets emergency messages
  *.emerg  :omusrmsg:*

  # Save news errors of level crit and higher in a special file.
  uucp,news.crit  -/var/log/spooler

  # LDAP logs
  local4.*  -/var/log/ldap.log

  # DHCPD logs
  local5.*  -/var/log/dhcpd.log

  # DNS logs
  local6.*  -/var/log/dns.log

  # Among other places, boot messages always go to boot.log
  local7.*  -/var/log/boot.log

  # Send this servers local auth and authpriv messages to get filtered by
  # <our binary omitted for privacy>.
  auth.*,authpriv.* @@[IPV6 address omitted for privacy]:514

  stop
}

*.* {
  action(type="omprog"
        binary="path to compiled python binary omitted"
        template="RSYSLOG_TraditionalFileFormat")
}
*.* {
  action(type="omprog"
        binary="path to another compiled python binary omitted"
        template="RSYSLOG_TraditionalFileFormat")
}
*.* {
  action(type="omprog"
        binary="path to even another compiled python binary omitted")
  stop
}

More information about the rsyslog-notify mailing list