So for my network I have 3 servers and want to forward all logs to one sevrer
On the client servers I have everything setup good *.* :omrelp:ipaddress:20514 I can see logs from that server coming into my central server, the issue is that I want to break certain logs into certain files on the central server - so on client 1 I would want my rootsh logs and my secure logs into 2 separate files Here is my central server configuration # provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 10514 # provides RELP syslog reception $ModLoad imrelp $InputRELPServerRun 20514 $template root_perhoste,"/var/log/hosts/%HOSTNAME%/rootsh.log" $template syslog_perhost,"/var/log/hosts/%HOSTNAME%/syslog.log" rootsh.log ?root_perhost secure ?syslog_perhost I also have the last part (rootsh.log ?root_perhost secure ?syslog_perhost) Repeated in this file /etc/rsyslog.d/50-default-.conf --because I am running central server on Ubuntu 14.04 So all the logs come over fine and I can see them all - but they all get dumped into syslog.log - so when I ssh into the client server I see in the syslog.log on the central server that an ssh connection was open but when I switch user to root and run commands as root or have any other logs they also show up in syslog.log and nothing ever logs to the rootsh.log - however I know the logs are coming to the central server that are meant for that file because they show up in syslog.log Also rootsh.log is not a standard log file Any thoughts? Thanks, Kevin McGillicuddy Server Administrator Sight & Sound Theatres 717-687-4220 x2317 [email protected]<mailto:[email protected]> [http://www.sight-sound.com/StaticContent/images/signature.gif]<http://www.sight-sound.com/> [http://www.sight-sound.com/StaticContent/images/youtube.gif]<http://www.youtube.com/user/sightsoundtheatres>[http://www.sight-sound.com/StaticContent/images/facebook.gif]<http://www.facebook.com/sightsoundtheatres> _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
