[Techtalk] Fwd: rsyslog

Maria McKinley mariak at mariakathryn.net
Thu Apr 25 17:13:02 UTC 2013


Meant to send this to the group

---------- Forwarded message ----------
From: Maria McKinley <mariak at mariakathryn.net>
Date: Thu, Apr 25, 2013 at 9:35 AM
Subject: Re: [Techtalk] rsyslog
To: Wolf Rising <wolfrising at gmail.com>


In this case, we assume we are forwarding the kern files from machine ella
to machine annette:

On the machine to forward, have an entry for the logfile you want to forward
and the machine name to forward to:

kern.*          @annette

On the machine receiving the log files, have the following configs in
rsyslog.conf:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

+ella
kern.*                          -/var/log/client-logs/ella/kern.log

I think you probably have to create the directories in /var/log, but can't
really remember. You could also just name the file ella-kern.log if you
were only sending over one log file, but even one log file turns to many
with rotation, so I found it best to have one directory where all logs from
other machines go, and then a directory in there for each machine.

For each following machine you are logging from, start with the +machine
name, then list all log files being forwarded from that machine, and then
the log files for the local machine, so annette would then have:

+annette
auth,authpriv.*                 /var/log/auth.log
etc.

Make sure to tell your logrotate facility about the new files.

cheers,
maria


On Thu, Apr 25, 2013 at 7:25 AM, Wolf Rising <wolfrising at gmail.com> wrote:

> Would anyone happen to know how to get rsyslog to forward messages from a
> group of servers to a central logging server and
> have the logs sorted under directories by hostname?
>
> I can get the logs to copy to the remote logging server but they all
> just end up under scattered /var/log
> instead of nicely sorted into directories by sending server name.
>
> I've tried using templates
>
> $template DynFile, "/var/log/%FROMHOST%/%syslogfacility-text%.log"
>
> but these write out to the local machine's /var/log directory.
>
>
> Thanks!
>



-- 
Maria Mckinley
Programmer and System Administrator
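
An added example, not part of either post: a receiver-side rsyslog.conf in the same legacy directive syntax, where the UDP listener is bound to its own ruleset so that remote messages are filed per host through a dynamic-file template like the one in the question, while local messages keep using the default rules. The ruleset name "remote", the template name "PerHostFile", the file modes and the /var/log/client-logs layout are assumptions.

```conf
# Constructed example for the receiving machine (annette in this thread).
# Senders still use a line such as:   kern.*          @annette

# provides UDP syslog reception
$ModLoad imudp

# One file per sending host and facility.
# %FROMHOST% is the name rsyslog resolved for the peer that delivered the
# message; %HOSTNAME% is read from the message text and is chosen by the
# sender, so it is the weaker choice for building a path. Over UDP the
# source address itself is unauthenticated.
$template PerHostFile,"/var/log/client-logs/%FROMHOST%/%syslogfacility-text%.log"

# Create missing per-host directories, with restrictive modes (assumed values)
$CreateDirs on
$DirCreateMode 0750
$FileCreateMode 0640

# Rules in this ruleset see only messages from inputs bound to it
$RuleSet remote
*.*                             ?PerHostFile

# Bind the UDP listener to that ruleset, then start it
$InputUDPServerBindRuleset remote
$UDPServerRun 514

# Switch back: the rules below apply to local messages only
$RuleSet RSYSLOG_DefaultRuleset
auth,authpriv.*                 /var/log/auth.log
kern.*                          -/var/log/kern.log
```

The logrotate reminder in the reply applies to this layout as well: the files under the assumed /var/log/client-logs tree need their own rotation entry.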


