Hi,

I'm using:
RHEL 5.6 (x86_64)
kernel 2.6.18-238.1.1.el5
rsyslog-3.22.1-3.el5_5.1

I've got a single loghost working in TCP / UDP mode receiving logs from various systems (rsyslog based and normal syslog based).

I'm looking for guidance on the configs below - any recommendations for improving performance would be appreciated. Comments are elided for space.

The normal config is:

    $ModLoad imklog
    $ModLoad imuxsock
    $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat
    *.* @@loghost.xxx.xxx
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog;RSYSLOG_TraditionalFileFormat
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log

The loghost config is:

    $ModLoad imklog
    $ModLoad imuxsock
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    $template TraditionalFormatWithPRI,"%PRI-text%: %timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
    $template DailyPerHostLogs,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages.log"
    :fromhost-ip, !isequal, "127.0.0.1" -?DailyPerHostLogs;TraditionalFormatWithPRI
    & ~
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog;RSYSLOG_TraditionalFileFormat
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log

Thanks,

-- 
Best Regards,

Brett Delle Grazie

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

