On Fri, 2013-03-01 at 12:55 +0100, Axel wrote: > Hi all, > > I'm looking for an advice how to configure rsyslog to achieve local and > remote logging of any logfile in /var/log/ on a bunch of linux servers. > Local files should get the same name as in a "standard" setup and on the > logserver I like to have logfile names with timestamp and hostname. > > I have a working configuration, but somehow not all logfiles got > transferred to my logserver like exim4 mail logs. I am looking if there
If I read it correctly, it looks like you simply do not transfer mail.* to the central server... Not sure based on the provided configuration and explanation if you would like to forward everything to the central host - or just a select set. Rainer > is a more "elegant" way and better working configuration I can use. > > I found several documentation describing easy setups sending all > logfiles to a centralized server or how to use rulesets and templates in > more complex scenarios but they seem not to fit at all. > > What I did: > I activated udp reception and created templates for known logfiles on > my logserver in 50-default > > # define templates > $template > DynAUTH,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-auth.log" > $template DynSYSLOG > "/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-syslog.log" > $template > DynDBG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-debug.log" > $template > DynMSG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-messages.log" > $template > DynEMERG,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-emergency.log" > $template > DynCRON,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-cron.log" > $template > DynDAEMON,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-daemon.log" > $template > DynKERN,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-kern.log" > $template > DynLPR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-lpr.log" > $template > DynUSER,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-user.log" > $template > DynMAILINFO,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.info.log" > $template > DynMAILWARN,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.warn.log" > $template > DynMAILERR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.err.log" > $template > DynMAIL,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-mail.log" > $template > DynNEWSCRIT,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.crit.log" > $template > DynNEWSERR,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.err.log" > $template > DynNEWSNOTICE,"/data/logs/current/%HOSTNAME%/%$YEAR%%$MONTH%%$DAY%-%HOSTNAME%-news.notice.log" > > # assign logfiles > auth,authpriv.* ?DynAUTH > *.*;auth,authpriv.none -?DynSYSLOG > > cron.* ?DynCRON > daemon.* -?DynDAEMON > kern.* -?DynKERN > lpr.* -?DynLPR > mail.info -?DynMAILINFO > mail.warn -?DynMAILWARN > mail.err -?DynMAILERR > mail.* -?DynMAIL > user.* -?DynUSER > news.crit ?DynNEWSCRIT > news.err ?DynNEWSERR > news.notice -DynNEWSNOTICE > > On my sender I defined 2 targets for every logfile: > > # > # First some standard log files. Log by facility. > # > auth,authpriv.* @syslog:514 > & /var/log/auth.log > > daemon.* @syslog:514 > & -/var/log/daemon.log > > kern.* @syslog:514 > & -/var/log/kern.log > > cron.* @syslog:514 > & /var/log/cron.log > > user.* @syslog:514 > & -/var/log/user.log > > # Emergencies are sent to everybody logged in and to the syslog server > # > *.emerg @syslog:514 > & :omusrmsg:* > > > With this I don't catch logfiles which are not sent by logger > So, Is there a better way to do this? > > regards Axel > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
