On Wed, 4 Feb 2015, Asif Iqbal wrote:
I am receiving logs from around 200 network elements.
How do I start a second rsyslogd? Is it some parameter in config file where
I can define a second IP to bind to like in syslog-ng?
in the input() statement you can specify the IP address, on the command
line you will need to specify a unique config file and pid file for each
copy. There are other things that can trip you up as well (depending on
what other features you use)
I am not seeing any input() statement in rsyslog.conf. Are you referring to
imudp maybe? Not sure where in imudp do I put the IP. Yes I know I will need
to make sure there will be separate config file and pid file.
I am doing that for other processes like sshd, tac_plus and others.
rsyslog v5.8 is ancient and has not been supported by the community for several
years. You should upgrade to a currently supported version if you are going to
be asking for help doing complex and unusual things.
Read through the documentation on your system for the imudp and imtcp modules.
the documentation that you find online is going to mostly cover the more current
versions, which include a better config format for expressing complex things.
but with 200 things sending you logs, you will end up having to run 25
copies of rsyslog (assuming that you give each of them a unique local# id).
why not just filter on the hostname or IP address instead?
No I will need 16 different local filters. So I will be running only two
instances of rsyslogd
by the way, you need to recognize that there's nothing magic about the local*
facilities. You can have your applications use any facility that you want. As
long as you don't have something else using it and are willing to put up with
the confusion in names (which should be less than having local0 mean two things)
For example, I really doubt that you have lpr, news, uucp, or clock facilities
in use on your systems.
David Lang
you can even use that hostname/ip address in a filename template and with
two lines in one copy of rsyslog have each network device be output into
its own file.
I am aware of that and using template as well to avoid log rotate and just
place the file in right folder based on year and day
Why not explain a bit more about what you are trying to do and let's see if
we can easily do it with one copy of rsyslog instead of 25 (or more)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
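
The single-instance approach discussed in this thread, written out as an added example that is not part of the original messages: one rsyslogd listens on two addresses, each bound to its own ruleset, so the same local# facility can mean different things per listener, and each device is written to its own dated file. It uses the newer input()/ruleset() config format, which the thread notes is not in v5.8; the addresses, paths and the template and ruleset names are assumptions.

```conf
# Added example, not from the thread. Addresses (documentation range),
# paths, template names and ruleset names are assumed values.
module(load="imudp")

# One file per sending device and per day, so no logrotate is needed.
# %fromhost-ip% is the packet's source address as seen by the socket,
# not a value taken from the message content.
template(name="PerDeviceA" type="string"
         string="/var/log/net-a/%fromhost-ip%/%$year%-%$month%-%$day%.log")
template(name="PerDeviceB" type="string"
         string="/var/log/net-b/%fromhost-ip%/%$year%-%$month%-%$day%.log")

# Rules for devices that send to the first address.
ruleset(name="groupA") {
    if $syslogfacility-text == "local0" then {
        action(type="omfile" dynaFile="PerDeviceA" createDirs="on")
        stop
    }
    # Anything else arriving on this listener is kept, not dropped.
    action(type="omfile" file="/var/log/net-a/other.log")
}

# Rules for devices that send to the second address. local0 is handled
# independently here, so it can carry a different meaning.
ruleset(name="groupB") {
    if $syslogfacility-text == "local0" then {
        action(type="omfile" dynaFile="PerDeviceB" createDirs="on")
        stop
    }
    action(type="omfile" file="/var/log/net-b/other.log")
}

# Two listeners in one process, each feeding only its own ruleset.
input(type="imudp" address="192.0.2.10" port="514" ruleset="groupA")
input(type="imudp" address="192.0.2.11" port="514" ruleset="groupB")
```

Running `rsyslogd -N1 -f <file>` checks the config for syntax errors without starting the daemon.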