[rsyslog-notify] Forum Thread: central logging server configuration - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Tue May 12 02:51:56 CEST 2015
User: lee62817
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25559#p25559
Message:
----------
I have a central logging server
i don't want to all the remote logs are being aggregated in the central
log server's /var/log/messages.
how can i do?
please help me!
my rsyslog.conf
#rsyslog configuration file
$template insertpl,"insert into SystemEvents (Message, Facility, FromHost,
FromIP, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag)
values ('%msg%', %syslogfacility%, '%HOSTNAME%', '%fromhost-ip%',
%syslogpriority%, '%timereported:::date-mysql%',
'%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
$template stdmsg,"%timereported% %hostname% %fromhost-ip%
%syslogtag%%$!msg:::sp-if-no-1st-sp%%msg%\n"
#### MODULES ####
$ModLoad ommysql
*.*:ommysql:localhost,Syslog,rsyslog,XXXXXXXX;insertpl
$ModLoad imuxsock
$ModLoad imjournal
$ModLoad immark
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad omfwd
*.* @@10.5.1.111:5514;stdmsg
#### GLOBAL DIRECTIVES ####
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
#### RULES ####
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
More information about the rsyslog-notify
mailing list