The only place the file exists on my installation is in /etc/rsyslog.d. I'm using PacketFence 7.3 on RHEL 7.4 and haven't had any issues with the packetfence.conf file being overwritten when the service restarts.
Tom
-----Original Message-----
Date: Wed, 19 Dec 2018 19:42:52 +0000
Subject: RE: [PacketFence-users] PacketFence Configure what Syslog Forwarder Sends
Cc: Thomas M. Wilson < [email protected]>
To: [email protected] <pac [email protected]>
From: "Brenek, Benjamin" <bbrenek@ bayada.com>
Hi Tom,
I tried as you mentioned, but when I did ‘service rsyslog restart’ it
reset the .conf file back to the default file. Is there another place
to change this?
Thank you,
Ben
From: Thomas M. Wilson via PacketFence-users <[email protected]
ourceforge.net>
Sent: Wednesday, December 19, 2018 10:21 AM
To: [email protected]
Cc: Thomas M. Wilson <[email protected]>
Subject: Re: [PacketFence-users] PacketFence Configure what Syslog Forwarder Sends
You can configure this in /etc/rsyslog.d/packetfence.conf. Modify
appropriately for your environment.
if $syslogtag contains "auth" and $syslogfacility-text == "local1" then {
    -/usr/local/pf/logs/radius.log
    if $msg contains "Login" then {
        action(type="omfwd" target="<your syslog host>" port="514"
               protocol="udp" action.resumeRetryCount="100"
               queue.type="linkedlist" queue.size="10000")
    }
    if $msg contains "Accepted" then {
        action(type="omfwd" target="<your syslog host>" port="514"
               protocol="udp" action.resumeRetryCount="100"
               queue.type="linkedlist" queue.size="10000")
    }
    if $msg contains "Rejected" then {
        action(type="omfwd" target="<your syslog host>" port="514"
               protocol="udp" action.resumeRetryCount="100"
               queue.type="linkedlist" queue.size="10000")
    }
    stop
}
Tom
-----Original Message-----
Date: Wed, 19 Dec 2018 13:45:29 +0000
Subject: [PacketFence-users] PacketFence Configure what Syslog Forwarder Sends
Cc: "Brenek, Benjamin" <[email protected]>
To: [email protected] <[email protected]
urceforge.net>
Reply-to: <[email protected]>
From: "Brenek, Benjamin via PacketFence-users" <packetfence-users@lists.sourceforge.net>
I currently have a 3 server PacketFence cluster configured and running
in production. One of the features that I would like to take advantage of
is the Syslog forwarder, as the PacketFence servers only keep easily
accessible logs for around 24 hours. However, having all 3 servers
pointed to our Syslog server currently generates a lot of data that I
don’t want. The only data I really care about storing long-term is
authentication data. Is there a way to configure a Syslog forwarder to
only send authentication logs, and nothing else? While I can filter what
syslog messages we accept on the server, this results in a lot of
unneeded traffic over the network, which I am hoping to avoid doing.
Any help with this issue would be appreciated as I was unable to find
anything in the documentation or items on the mailing list that
provided assistance with this.
Thank you,
Ben
_______________________________________________
PacketFence-users mailing list
[email protected]
https://link.zixcentral.com/u/900218bc/5Hxc-7gD6RGxRNI70ut4HQ?u=https%3
A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users
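
Added example, not part of the original thread and not PacketFence code: a small Python model of the rsyslog rule posted above, run over constructed log records, showing how many copies of each record the three separate `if` blocks forward compared with a single combined condition. The record fields, function names and sample messages are assumptions made for illustration.

```python
# Model of the rsyslog rule quoted in the thread (added example, not PacketFence code).
from dataclasses import dataclass

KEYWORDS = ("Login", "Accepted", "Rejected")  # strings the rule tests with `contains`

@dataclass
class Record:
    tag: str        # $syslogtag
    facility: str   # $syslogfacility-text
    msg: str        # $msg

def in_scope(r: Record) -> bool:
    # Outer condition: $syslogtag contains "auth" and facility is local1.
    return "auth" in r.tag and r.facility == "local1"

def forwards_as_posted(r: Record) -> int:
    # Three independent `if` blocks: every keyword present fires its own omfwd action.
    # `contains` is case-sensitive, like Python's `in` on str.
    if not in_scope(r):
        return 0
    return sum(1 for k in KEYWORDS if k in r.msg)

def forwards_combined(r: Record) -> int:
    # One `if` joining the tests with `or`: at most one copy leaves the host.
    return 1 if in_scope(r) and any(k in r.msg for k in KEYWORDS) else 0

def stopped(r: Record) -> bool:
    # `stop` ends processing for in-scope records, so later rules never see them.
    return in_scope(r)

# Constructed sample records, not taken from a real PacketFence server.
SAMPLES = [
    Record("auth[2101]:", "local1", "Accepted user: alice"),
    Record("auth[2101]:", "local1", "Rejected user: bob (Login incorrect)"),
    Record("auth[2101]:", "local1", "login attempt by carol"),   # lowercase: no match
    Record("auth[2101]:", "local1", "Ready to process requests"),
    Record("httpd[880]:", "local5", "Accepted connection"),      # out of scope
]

def report(samples=SAMPLES):
    # (copies forwarded as posted, copies with combined condition, hit `stop`)
    return [(forwards_as_posted(r), forwards_combined(r), stopped(r)) for r in samples]

if __name__ == "__main__":
    for r, row in zip(SAMPLES, report()):
        print(row, r.msg)
```

In rsyslog itself the single-copy behaviour corresponds to one `if` whose condition joins the three `contains` tests with `or`.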
