Hi Tom, I tried as you mentioned, but when I did ‘service rsyslog restart’ it reset the .conf file back to the default file. Is there another place to change this?
Thank you, Ben From: Thomas M. Wilson via PacketFence-users <[email protected]> Sent: Wednesday, December 19, 2018 10:21 AM To: [email protected] Cc: Thomas M. Wilson <[email protected]> Subject: Re: [PacketFence-users] PacketFence Configure what Syslog Forwarder Sends CAUTION: This email originated from outside of BAYADA. Beware of links and attachments. You can configure this in /etc/rsyslog.d/packetfence.conf. Modify appropriately for your environment. if $syslogtag contains "auth" and $syslogfacility-text == "local1" then { -/usr/local/pf/logs/radius.log if $msg contains "Login" then { action(type="omfwd" target="<your syslog host>" port="514" protocol="udp" action.resumeRetryCount="100" queue.type="linkedlist" queue.size="10000") } if $msg contains "Accepted" then { action(type="omfwd" target="<your syslog host>" port="514" protocol="udp" action.resumeRetryCount="100" queue.type="linkedlist" queue.size="10000") } if $msg contains "Rejected" then { action(type="omfwd" target="<your syslog host>" port="514" protocol="udp" action.resumeRetryCount="100" queue.type="linkedlist" queue.size="10000") } stop } Tom -----Original Message----- Date: Wed, 19 Dec 2018 13:45:29 +0000 Subject: [PacketFence-users] PacketFence Configure what Syslog Forwarder Sends Cc: "Brenek, Benjamin" <[email protected]<mailto:%22Brenek,%20benjamin%22%20%[email protected]%3e>> To: [email protected] <[email protected]<mailto:%[email protected]%22%20%[email protected]%3e>> Reply-to: <[email protected]> From: "Brenek, Benjamin via PacketFence-users" <[email protected]><[email protected]%3e> I currently have a 3 server PacketFence cluster configured and running in production. One of features that I would like to take advantage of is the Syslog forwarder, as the PacketFence servers only keeps easily accessible logs for around 24 hours. However, having all 3 servers pointed to our Syslog server currently generates a lot of data that I don’t want. The only data I really care about storing long-term is authentication data. Is there a way to configure a Syslog forwarder to only send authentication logs, and nothing else? While I can filter what syslog messages we accept on the server, this results in a lot of unneeded traffic over the network, which I am hoping to avoid doing. Any help with this issue would be appreciated as I was unable to find anything in the documentation or items on the mailing list that provided assistance with this. Thank you, Ben Our employees' reviews made us a Best Place to Work<https://link.zixcentral.com/u/f094645a/qhRe-7gD6RGxRNI70ut4HQ?u=https%3A%2F%2Fwww.glassdoor.com%2Fsurvey%2Fstart_input.htm%3FshowSurvey%3DREVIEWS%26employerId%3D153924%26contentOriginHook%3DPAGE_SRCH_COMPANIES> in 2018 &2019! Spread the word and earn a bonus by referring a friend.<http://hs.bayada.com/talent-scout-ilwid?utm_source=email%20signature&utm_medium=email&utm_campaign=Glassdoor%20Award> [Image removed by sender. Compassion, Excellence, Reliability]<https://link.zixcentral.com/u/ae91daf6/MHVe-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_site> [Image removed by sender. Facebook]<https://link.zixcentral.com/u/a733fad2/5J1e-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_fb> [Image removed by sender. Twitter] <https://link.zixcentral.com/u/0c770168/HMBe-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_tw> [Image removed by sender. LinkedIn] <https://link.zixcentral.com/u/f328cf07/0uFe-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_LI> [Image removed by sender. YouTube] <https://link.zixcentral.com/u/e6cabd59/nANf-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_yt> [Image removed by sender. Bayada] <https://link.zixcentral.com/u/ae91daf6/MHVe-7gD6RGxRNI70ut4HQ?u=http%3A%2F%2Fbhhc.co%2FBAYemail_site> CONFIDENTIALITY NOTICE: This email may contain information belonging to BAYADA and is protected by law. Do not forward, copy, or otherwise disclose to anyone unless permitted by BAYADA or required by law. If you are not the intended recipient, please notify the sender immediately. _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://link.zixcentral.com/u/900218bc/5Hxc-7gD6RGxRNI70ut4HQ?u=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
