Also check startup error messages from rsyslog. There are for sure some with this config!
Sent from phone, thus brief. Am 12.08.2014 19:09 schrieb "Micah Yoder" <[email protected]>: > What we do is have separate templates for different types of logs (auth, > "normal", cron, etc) and check the $syslogfacility-text and use a > different template accordingly. > > On 8/12/14, 11:26 AM, Kevin McGillicuddy wrote: > > So for my network I have 3 servers and want to forward all logs to one > sevrer > > > > On the client servers I have everything setup good > > *.* > :omrelp:ipaddress:20514 > > > > I can see logs from that server coming into my central server, the issue > is that I want to break certain logs into certain files on the central > server - so on client 1 I would want my rootsh logs and my secure logs into > 2 separate files > > > > Here is my central server configuration > > > > # provides UDP syslog reception > > $ModLoad imudp > > $UDPServerRun 514 > > > > # provides TCP syslog reception > > $ModLoad imtcp > > $InputTCPServerRun 10514 > > > > # provides RELP syslog reception > > $ModLoad imrelp > > $InputRELPServerRun 20514 > > > > $template root_perhoste,"/var/log/hosts/%HOSTNAME%/rootsh.log" > > $template syslog_perhost,"/var/log/hosts/%HOSTNAME%/syslog.log" > > > > rootsh.log ?root_perhost > > secure ?syslog_perhost > > > > > > I also have the last part > > (rootsh.log ?root_perhost > > secure ?syslog_perhost) > > > > Repeated in this file /etc/rsyslog.d/50-default-.conf --because I am > running central server on Ubuntu 14.04 > > > > So all the logs come over fine and I can see them all - but they all get > dumped into syslog.log - so when I ssh into the client server I see in the > syslog.log on the central server that an ssh connection was open but when I > switch user to root and run commands as root or have any other logs they > also show up in syslog.log and nothing ever logs to the rootsh.log - > however I know the logs are coming to the central server that are meant for > that file because they show up in syslog.log > > > > Also rootsh.log is not a standard log file > > > > Any thoughts? > > > > > > Thanks, > > Kevin McGillicuddy > > Server Administrator > > Sight & Sound Theatres > > 717-687-4220 x2317 > > [email protected]<mailto: > [email protected]> > > > > [http://www.sight-sound.com/StaticContent/images/signature.gif]< > http://www.sight-sound.com/> > > [http://www.sight-sound.com/StaticContent/images/youtube.gif]< > http://www.youtube.com/user/sightsoundtheatres>[ > http://www.sight-sound.com/StaticContent/images/facebook.gif]< > http://www.facebook.com/sightsoundtheatres> > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
