Hey,
I have tried your solution without ressult. When i try to configure as your
advise, i never receive log in good place.
*Status rsyslog server : *
- CentOS 7.5-1804
- rsyslog 8.24
*Config file : /etc/rsyslog.d/remote.conf*
*$ModLoad imtcp*
*$InputTCPServerRun 514*
*# Define customized target*
*[1] template(name="getFromhostipPrefix" type="string"
string="%fromhost-ip:R,ERE,0,DFLT:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})--end%")*
*# do not forget the ';' character on the end of following line*
*[2] set $.subnet=exec_template("getFromhostipPrefix");*
*[3] $template
FILENAME,"/var/log/rsyslog_remote/%$.subnet%/%fromhost-ip%.log"*
*$template FILENAME1,"/var/log/rsyslog_remote/%fromhost-ip%/syslog.log"*
*$template
FILENAME2,"/var/log/rsyslog_remote/%fromhost-ip%/%fromhost%-syslog.log"*
*# write remote log in previous defined file*
*[4] :fromhost-ip, !isequal, "127.0.0.1" -?FILENAME*
*:fromhost-ip, !isequal, "127.0.0.1" -?FILENAME1*
*:fromhost-ip, !isequal, "127.0.0.1" -?FILENAME2*
*& stop*
*Result :*
If i activate specific line ([1], [2], [3], [4]) for dynamic template. my
logging in destination file fail. I can't understood where is the mistake
or the missing configuration!
Do you hanve some ideas about?
Thanks for your given time.
Le lun. 3 déc. 2018 à 09:35, External Jean marie MAGNIER -CAMPUS- <
[email protected]> a écrit :
> Thanks, I'll check it out.
>
> Le lun. 3 déc. 2018 à 09:31, Peter Viskup <[email protected]> a écrit :
>
>> Hello Jean-Marie,
>> you can try to use exec_template [1] which was developed for such
>> purposes.
>> This can be a base for your configuration
>>
>> template(name="getFromhostip" type="string"
>>
>> string="%fromhost-ip:R,ERE,0,DFLT:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})--end%")
>> # do not forget the ';' character on the end of following line
>> set $.subnet=exec_template("getFromhostipprefix");
>> $template FILENAME,"/var/log/rsyslog_remote/%$.subnet%/%fromhost-ip%.log"
>>
>> You can test your regexes on rsyslog page[2]. And read more on setting
>> variables[3].
>>
>> Use of regexes affects performance and thus lookup tables might help
>> here[4] or use setting $.subnet variable value based on simple if-else
>> with match on '$fromhost-ip startswith "10.10.4."'.
>>
>> [1] https://www.rsyslog.com/how-to-use-set-variable-and-exec_template/
>> [2] https://www.rsyslog.com/regex/
>> [3] https://www.rsyslog.com/how-to-set-variables-in-rsyslog-v7/
>> [4] https://www.rsyslog.com/doc/master/configuration/lookup_tables.html
>>
>> --
>> Peter
>> On Wed, Nov 28, 2018 at 5:07 PM External Jean marie MAGNIER -CAMPUS-
>> via rsyslog <[email protected]> wrote:
>> >
>> > Hello All,
>> >
>> > I'am trying to deploy a provisionning solution for more than 10.000
>> CentOS
>> > linux client from PXE server. One of my goal is to consolidate build
>> log on
>> > centralized remote server.
>> >
>> > Each client is able to send syslog to remote server. And my dificulties
>> is
>> > to log by subnet, example :
>> >
>> > Client 1 10.10.4.xx/24
>> >
>> > Client 2 10.10.4.xy/24
>> >
>> > Client 3 10.10.5.xx/24
>> >
>> >
>> > *I try to log in centralized rsyslog server :*
>> > /var/log/rsyslog_remote/10.10.4/<IP client 1>/syslog.log
>> > <IP client
>> 2>/syslog.log
>> > /10.10.5/<IP client 3>/syslog.log
>> >
>> >
>> > *But I found only solution to log in*
>> > /var/log/rsyslog_remote/<IP client 1>/syslog.log
>> > /<IP client 2>/syslog.log
>> > /<IP Client 2>/syslog.log
>> >
>> > To do that I have a config file /etc/rsyslog.d/10-remote.conf
>> >
>> > * # Define customized target*
>> > * $template FILENAME,"/var/log/rsyslog_remote/%fromhost-ip%/syslog.log"*
>> > * $template LOCALFILENAME,"/var/log/rsyslog_local/%fromhost%.log"*
>> >
>> > * # write remote og in previous defined file*
>> > * :fromhost-ip, !isequal, "127.0.0.1" -?FILENAME*
>> > * & ~*
>> >
>> > * # write local log*
>> > * *.* -?LOCALFILENAME*
>> >
>> >
>> >
>> > *Request Help :*
>> > Maybe you have an idea to define something like
>> >
>> > $template FILENAME,"/var/log/rsyslog_remote/*<subnet>*
>> > /%fromhost-ip%/syslog.log"
>> >
>> >
>> >
>> > Thanks for your help
>> >
>> > --
>> > *Cordialement Jean-Marie*
>> >
>> >
>> > Magnier Jean-Marie - IS System Engineer - Prestataire
>> > *IT Department | IT Retail Workstation* Business Unit
>> > *CE-INFRARETAIL Team*
>> > @Mail <[email protected]> | Tel : +33(0)6.08.75.52.68
>> >
>> > We need your help to improve our services and your satisfaction !
>> > _______________________________________________
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>> you DON'T LIKE THAT.
>>
>
>
> --
> *Cordialement Jean-Marie*
>
>
> Magnier Jean-Marie - IS System Engineer - Prestataire
> *IT Department | IT Retail Workstation* Business Unit
> *CE-INFRARETAIL Team*
> @Mail <[email protected]> | Tel : +33(0)6.08.75.52.68
>
> We need your help to improve our services and your satisfaction !
>
--
*Cordialement Jean-Marie*
Magnier Jean-Marie - IS System Engineer - Prestataire
*IT Department | IT Retail Workstation* Business Unit
*CE-INFRARETAIL Team*
@Mail <[email protected]> | Tel : +33(0)6.08.75.52.68
We need your help to improve our services and your satisfaction !
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
