[rsyslog-notify] Forum Thread: Spooling Logs to Disk & Defining Threads - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Fri May 1 21:19:57 CEST 2015
User: snorman1483
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25459#p25459
Message:
----------
Hello;
I am new to Rsyslog and my company is planning on using Rsyslog for
it main syslog receiver and forwarder. I have written the following
configuration and I am attempting to set the rule TCP514 to write to disk
if it cannot forward it's logs to it's remote locations. Can I define the
disk queue for all the actions within the rule or do I need to write a disk
spooling for each action? Also I am attempting to define the worker Threads
for the main.queue and action; but I am not seeing how it should be written
or i am overlooking it somewhere.
##########################
#### Forwarding Rule 1 ####
##########################
$Ruleset TCP514
$WorkDirectory /path/rsyslog/
$ActionQueueType LinkedList
$ActionQueueFileName fwdspool
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
$ActionQueueMaxDiskSpace 1g
:fromhost-ip, isequal, "10.10.10.10" {
if $msg contains "hostnamex" then action(
type="omfwd"
target="10.12.10.15"
port="514"
Protocol="TCP"
Template="RSYSLOG_ForwardFormat"
) & stop
if $msg contains "hostnamey" then action(
type="omfwd"
target="10.13.10.20"
port="5514"
protocol="TCP"
template="RSYSLOG_SyslogProtocol23Format"
) & stop
if $msg contains "Words" then action(
type="omfwd"
target="10.13.10.25"
port="5514"
protocol="TCP"
template="RSYSLOG_SyslogProtocol23Format"
) & stop
if $msg contains "hostname" then action(
type="omfwd"
target="10.13.10.15"
port="514"
protocol="TCP"
template="RSYSLOG_SyslogProtocol23Format"
) & stop
*.* action(
type="omfwd"
target="10.13.10.15"
port="5514"
Protocol="TCP"
Template="RSYSLOG_SyslogProtocol23Format"
)
}
$Ruleset TCP514
input(type="imtcp" port="514" ruleset="TCP514")
More information about the rsyslog-notify
mailing list