[Techtalk] Fwd: rsyslog
Maria McKinley
mariak at mariakathryn.net
Thu Apr 25 17:13:02 UTC 2013
Meant to send this to the group
---------- Forwarded message ----------
From: Maria McKinley <mariak at mariakathryn.net>
Date: Thu, Apr 25, 2013 at 9:35 AM
Subject: Re: [Techtalk] rsyslog
To: Wolf Rising <wolfrising at gmail.com>
In this case, we assume we are forwading the kern files from machine ella
to machine annette:
On the machine to forward have an entry for the logfile you want to forward
and the machine name to forward to
kern.* @annette
On the machine receiving the log files, have the following configs in
rsyslog.conf:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
+ella
kern.* -/var/log/client-logs/ella/kern.log
I think you probably have to create the directories in /var/log, but can't
really remember. You could also just name the file ella-kern.log if you
were only sending over one log file, but even one log file turns to many
with rotation, so I found it best to have one directory where all logs from
other machines go, and then a directory in their for each machine.
for each following machine you are logging from, start with the +machine
name, then list all log files being forwarded from that machine, and then
the log files for the local machine, so annette would then have:
+annette
auth,authpriv.* /var/log/auth.log
etc.
Make sure to tell your logrotate facility about the new files.
cheers,
maria
On Thu, Apr 25, 2013 at 7:25 AM, Wolf Rising <wolfrising at gmail.com> wrote:
> Would anyone happen to know how to get rsyslog to forward messages from a
> group of servers to a central logging server and
> have the logs sorted under directories by hostname?
>
> I can get the logs to copy to the remote logging server but they all
> just end up under scattered /var/log
> instead of nicely sorted into directories by sending server name.
>
> I've tried using templates
>
> $template DynFile, "/var/log/%FROMHOST%/%syslogfacility-text%.log"
>
> but these write out to the local machines /var/log directory.
>
>
> Thanks!
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>
--
Maria Mckinley
Programmer and System Administrator
--
Maria Mckinley
Programmer and System Administrator
More information about the Techtalk
mailing list