On Tue, Mar 10, 2009 at 04:28, jack marrow <[email protected]> wrote: > 2009/3/10 Rainer Gerhards <[email protected]>: >> Please post configs and elaborate a bit more about what you are trying >> to accomplish and what you have set up. > > I am evaluating rsyslog at the moment. > > I would like to know if I can use it for log collection on the client > for writing on the server. The server must know which log file is > which.
This is more a "basic understanding of logging" question than one specific to rsyslog. Generally speaking, log daemons just log what client apps tell them to - httpd says, "I'm facility 6 and <foo> is my critical message". If the local log daemon is sending logs upstream, it will basically tell the upstream server "I'm myhostname and httpd (facility 6) just said <foo> with a critical priority". If all your daemons (httpd, vsftpd, etc.) log directly to the local syslog as opposed to a flat file, things should "just work". However, if you're configuring your "client" syslog instance to follow /var/log/httpd/access and retransmit that data to an upstream server, all that metadata (application name, facility, priority, etc) is lost. Hence, you must configure your client syslog to inject that data - with rsyslog, that would be done something like this: $ModLoad imfile.so $InputFileName /var/log/httpd/access $InputFileTag http_access $InputFilePollIntervalSeconds 5 $InputFileMonitor *.* @192.168.1.1 That sets up a monitor that polls /var/log/httpd/access every 5 seconds, prepends "http_access" to every line, and sends it via UDP to 192.168.1.1. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
