[rsyslog-notify] Forum Thread: Re: Multine log transfert to another rsyslog server - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Feb 4 10:30:47 CET 2016


User: raphaelk 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26323#p26323

Message: 
----------
Hi,
thx for your answer; here is the rsyslog.conf file of the source server:

[code:1knrzn41]
#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability


# provides UDP syslog reception

#$ModLoad imudp
#$UDPServerRun 514


# provides TCP syslog reception

#$ModLoad imtcp
#$InputTCPServerRun 514


# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$EscapeControlCharactersOnReceive off 

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
[/code:1knrzn41]

And the template that handles the log:
[code:1knrzn41]
# Customlog

# template
template(name="app-logmessage" type="string"
string="/var/log/app/%programname%-access-%$YEAR%-%$MONTH%-%$DAY%.log")
template(name="app-logerror" type="string"
string="/var/log/app/%programname%-error-%$YEAR%-%$MONTH%-%$DAY%.log")

# checks

if $programname contains 'app' and $syslogseverity > '4' then {
  action(type="omfile" dynaFile="app-logmessage")
  *.* @@remote_server
  stop
}

if $programname contains 'app' and $syslogseverity <= '4' then {
  action(type="omfile" dynaFile="app-logerror")
  *.* @@192.168.1.229
  stop
}

[/code:1knrzn41]

On the remote side,

Here is the rsyslog.conf file: the file is quite the same, just the TCP
listener module is activated.

[code:1knrzn41]
#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability


# provides UDP syslog reception

$ModLoad imudp
$UDPServerRun 514


# provides TCP syslog reception

$ModLoad imtcp
$InputTCPServerRun 514


# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat


$EscapeControlCharactersOnReceive off
# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
[/code:1knrzn41]

The output template is the same as the source server.

Please be aware that the "$TCP_Framing octet-counted" config has been
removed from both config files (source and destination).

Thx for your time :)
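
Added example, not part of the original post and not rsyslog code: a Python model of the two syslog-over-TCP framings from RFC 6587, showing why a record with embedded line feeds reaches the receiver as several messages under LF-delimited framing but stays whole under the octet-counted framing the post mentions. The sample messages, the host name `src` and all function names are constructed for illustration.

```python
# Added illustration of RFC 6587 framing; all data below is constructed.

def frame_lf(msgs):
    """Non-transparent framing: each message is terminated by LF."""
    return b"".join(m + b"\n" for m in msgs)

def frame_octet_counted(msgs):
    """Octet-counted framing: 'MSG-LEN SP MSG', length counted in bytes."""
    return b"".join(str(len(m)).encode() + b" " + m for m in msgs)

def parse_lf(stream):
    """Receiver for LF framing: every LF ends a message, embedded or not."""
    return [m for m in stream.split(b"\n") if m]

def parse_octet_counted(stream):
    """Receiver for octet-counted framing; rejects malformed frames."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1 or not stream[pos:sp].isdigit():
            raise ValueError("bad frame length at offset %d" % pos)
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):
            raise ValueError("truncated frame at offset %d" % pos)
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs

# Constructed sample: one multi-line record followed by a single-line one.
SAMPLE = [
    b"<11>Feb  4 10:30:47 src app: Traceback (most recent call last):\n"
    b"  File \"app.py\", line 12, in handler\n"
    b"ValueError: bad input",
    b"<14>Feb  4 10:30:48 src app: request served",
]

def demo():
    """Return (messages seen with LF framing, with octet counting, intact?)."""
    lf = parse_lf(frame_lf(SAMPLE))
    oc = parse_octet_counted(frame_octet_counted(SAMPLE))
    return len(lf), len(oc), oc == SAMPLE

if __name__ == "__main__":
    print(demo())
```

Under LF framing the continuation lines arrive without a priority or header of their own, so the receiver has to guess their program name and severity, which is what breaks per-program routing and later log review.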

