I am not seeing anything in your config file to read data from output.txt
Instead, I see you specifying it as a directory name for rsyslog to use for
various scratch files.
you need to look at the imfile configuration if you want to read the file.
However a better way to get data from SEC to syslog is to use the udp output
mode in the latest SEC to send the logs directly to SEC instead of writing them
to a file and then havng rsyslog poll that file.
David Lang
On Fri, 7 Jun 2013, termo meter
wrote:
Date: Fri, 7 Jun 2013 18:26:56 +0800 (SGT)
From: termo meter <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] (no subject)
Hi All,
im new to rsyslog.
What i try to do, i setup 2 rsyslog server, rsyslog1 and rsyslog2.
My firewall logs forward to rsyslog1 using syslog udp514, i manage to receive
the log ar rsyslog1.
At rsyslog1, i do some log correlation. the result is output to file
"output.txt".
I want to forward the result to the rsyslog2.
But till now i unable to receive logs at rsyslog2.
Here my rsyslog.conf file.
Code:
root@ubuntu:/etc# more rsyslog.conf
$ModLoad imuxsock # provides support for local system logging
$WorkDirectory /home/rsyslog/sec-2.7.2/output.txt
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
##########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
#$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner adm
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser adm
$PrivDropToGroup adm
#
# Where to place spool files
#
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
*.* @@192.168.0.124:514
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
Thanks.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
