Yes that is what I want....I want to route them to a file of my liking.

What I want is to have the logs from Windows (Win Server 2008, Exchange, etc.) 
and also from switches and routers all log to my rsyslog central server.


The default rules all work. I can see them on my syslog server with no problems.


1. I cannot see Windows logs. (I think I need to specify a file to direct 
them to.)

2. I cannot see "other" application logs for the same reason. I've looked 
at the tutorials and tried to alter the config in different ways and I can't 
get it to work.
I'm not a programmer so I don't know what it is I need to add to make it work.


Josh

From: Rainer Gerhards [mailto:[email protected]]
Sent: Tuesday, April 02, 2013 12:08 PM
To: Josh Bitto
Subject: AW: RE: RE: [rsyslog] rsyslog newbie

Sorry, I am honestly still puzzled. You mean you can't route them to a file of 
your liking? Could you describe in plain words your desired result?


Sent from phone, thus brief.



-------- Original Message --------
From: Josh Bitto <[email protected]>
Date: 02.04.2013 21:05 (GMT+01:00)
To: Rainer Gerhards <[email protected]>
Subject: RE: RE: [rsyslog] rsyslog newbie

No I have not....The only thing I tested was to see if my centos linux box 
(rsyslog server) is receiving data from my laptop (as a test)

In the rsyslog windows agent you can send a syslog test message.....Which I get 
in my /var/log/messages

So what I'm saying is that I'm able to receive data from windows, but I can't 
find (if it has sent them at all) where the logs would be.




From: Rainer Gerhards [mailto:[email protected]]
Sent: Tuesday, April 02, 2013 12:03 PM
To: Josh Bitto
Subject: AW: RE: [rsyslog] rsyslog newbie

But so you found them?


Sent from phone, thus brief.



-------- Original Message --------
From: Josh Bitto <[email protected]>
Date: 02.04.2013 21:00 (GMT+01:00)
To: Rainer Gerhards <[email protected]>, rsyslog-users <[email protected]>
Subject: RE: [rsyslog] rsyslog newbie

When I go to my /var/log/messages
I can see the logger message that came from the windows rsyslog agent. That's 
how I know it's working.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Rainer Gerhards
Sent: Tuesday, April 02, 2013 11:59 AM
To: [email protected]
Subject: Re: [rsyslog] rsyslog newbie

I don't understand the issue.  You say you receive windows events but can't 
find them? If so, how do you know you received them?


Sent from phone, thus brief.



-------- Original Message --------
From: Josh Bitto <[email protected]>
Date: 02.04.2013 20:22 (GMT+01:00)
To: rsyslog-users <[email protected]>
Subject: [rsyslog] rsyslog newbie


Hello Everyone,

Ok so I have been working with rsyslog for a couple of weeks now. I've been 
assigned to create a syslog server and all that funky stuff. I have a central 
syslog server setup with rsyslog basically "receiving" port 514 udp traffic. 
I'm a little confused about some stuff.

Before anyone says read the guides....I've done that....but I think it needs to 
be dumbed down so I can understand it. What I'm trying to do is send windows 
event logs as well as other application logs from linux centos boxes to my 
syslog server.

The regular default rules work...I can see them from a server that is 
forwarding its messages just fine. What I can't seem to get working is 
miscellaneous application logs or windows logs. I downloaded rsyslog windows 
agent...did the tutorial for setting up a rule.....tested a message and can see 
it just fine on my syslog server. What I can't seem to locate is the windows 
events. I've attached my config file.



Josh
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is 
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our 
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.