Hi all,
I'm looking for advice on how to configure rsyslog to achieve local and
remote logging of any logfile in /var/log/ on a bunch of Linux servers.
Local files should get the same name as in a "standard" setup and on the
logserver I'd like to have logfile names with timestamp and hostname.
I have a working configuration, but somehow not all logfiles got
transferred to my logserver, like exim4 mail logs. I am wondering whether
there is a more "elegant" and better working configuration I can use.
I found several documents describing easy setups that send all
logfiles to a centralized server, or how to use rulesets and templates in
more complex scenarios, but they don't seem to fit at all.
What I did:
I activated UDP reception and created templates for known logfiles on
my logserver in 50-default:
# define templates
$template DynAUTH,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-auth.log"
$template DynSYSLOG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-syslog.log"
$template DynDBG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-debug.log"
$template DynMSG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-messages.log"
$template DynEMERG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-emergency.log"
$template DynCRON,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-cron.log"
$template DynDAEMON,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-daemon.log"
$template DynKERN,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-kern.log"
$template DynLPR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-lpr.log"
$template DynUSER,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-user.log"
$template DynMAILINFO,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.info.log"
$template DynMAILWARN,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.warn.log"
$template DynMAILERR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.err.log"
$template DynMAIL,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.log"
$template DynNEWSCRIT,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.crit.log"
$template DynNEWSERR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.err.log"
$template DynNEWSNOTICE,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.notice.log"
# assign logfiles
auth,authpriv.* ?DynAUTH
*.*;auth,authpriv.none -?DynSYSLOG
cron.* ?DynCRON
daemon.* -?DynDAEMON
kern.* -?DynKERN
lpr.* -?DynLPR
mail.info -?DynMAILINFO
mail.warn -?DynMAILWARN
mail.err -?DynMAILERR
mail.* -?DynMAIL
user.* -?DynUSER
news.crit ?DynNEWSCRIT
news.err ?DynNEWSERR
news.notice -?DynNEWSNOTICE
On my sender I defined 2 targets for every logfile:
#
# First some standard log files. Log by facility.
#
auth,authpriv.* @syslog:514
& /var/log/auth.log
daemon.* @syslog:514
& -/var/log/daemon.log
kern.* @syslog:514
& -/var/log/kern.log
cron.* @syslog:514
& /var/log/cron.log
user.* @syslog:514
& -/var/log/user.log
# Emergencies are sent to everybody logged in and to the syslog server
#
*.emerg @syslog:514
& :omusrmsg:*
With this I don't catch logfiles which are not sent by logger.
So, is there a better way to do this?
Regards, Axel
--
Never argue with an idiot; people watching may not tell the difference
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
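An added example, not part of the original post: one way to pick up a file that a daemon writes directly instead of sending it through syslog (such as the exim4 log mentioned in the post) is rsyslog's imfile input module, shown here in the same legacy directive style the post uses. The path /var/log/exim4/mainlog, the tag, the state-file name and the mail/info facility and severity are assumptions; `syslog:514` is the post's own logserver target.

```conf
# Sender side. Added example, not from the original post.
# imfile reads a text file line by line and injects each line into
# rsyslog as a normal message, so the usual rules can forward it.
$ModLoad imfile

# Assumed path of the exim4 main log (Debian-style layout).
$InputFileName /var/log/exim4/mainlog
# Assumed tag; it becomes the syslogtag of every line read from the file.
$InputFileTag exim4:
# Assumed state-file name; rsyslog keeps the read offset here so lines
# are not sent again after a restart.
$InputFileStateFile stat-exim4-mainlog
# Assumed facility and severity, chosen so that the logserver's existing
# "mail.*" rule files these lines through the DynMAIL template.
$InputFileFacility mail
$InputFileSeverity info
# Activate the monitor described by the directives above.
$InputRunFileMonitor

# Place this rule before the facility rules. It forwards the lines read
# from the file (UDP, as in the post) and then discards them, because
# exim4 already keeps its own local copy and they should not be written
# a second time by local rules such as "mail.*".
:syslogtag, isequal, "exim4:" @syslog:514
& ~
```

Each further file needs its own block of `$InputFile...` directives ending in `$InputRunFileMonitor`. Newer rsyslog versions accept `& ~` but warn that it is deprecated in favour of `stop`.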