Re: [rsyslog] trouble adding relp to existing server

2013-04-03 Thread Rainer Gerhards
On Tue, 2013-04-02 at 17:34 -0700, Chris Bartram wrote: On a RHEL 5 system I have an existing server where I have basic UDP and encrypted TLS transports set up. I'm now trying to add RELP but even after adding the librelp packages I get an error from rsyslog complaining that it can't open

Re: [rsyslog] trouble adding relp to existing server

2013-04-03 Thread David Lang
On Tue, 2 Apr 2013, Chris Bartram wrote: On a RHEL 5 system I have an existing server where I have basic UDP and encrypted TLS transports set up. I'm now trying to add RELP but even after adding the librelp packages I get an error from rsyslog complaining that it can't open imrelp.so. In fact

Re: [rsyslog] trouble adding relp to existing server

2013-04-03 Thread Rainer Gerhards
-Original Message- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- boun...@lists.adiscon.com] On Behalf Of David Lang Sent: Wednesday, April 03, 2013 10:06 AM To: Chris Bartram; rsyslog-users Subject: Re: [rsyslog] trouble adding relp to existing server On Tue, 2 Apr

Re: [rsyslog] trouble adding relp to existing server

2013-04-03 Thread Chris Bartram
Wow. Thanks all. Sad that the official RHEL repository is so far behind... I'll see about linking to the rsyslog repository. -Chris Bartram   The purpose of life is not to be happy. It is to be useful, to be honorable, to be compassionate, to have it make some difference that you have lived
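For reference, here is what the RELP side of such a server looks like once a build that actually ships the module is installed. This is an added example in rsyslog's legacy configuration format, not configuration posted by anyone in the thread; the port 2514, the host name loghost.example.com, the module directory and the package name are assumptions.

```conf
# Added example (not from the thread): legacy-format rsyslog.conf lines that
# add a RELP listener to a server that already has imudp and TLS-wrapped imtcp
# configured. Port 2514, loghost.example.com, the module directory and the
# package name are assumptions.

# --- On the loghost ---
# imrelp.so must be present in rsyslog's module directory ($ModDir; on 64-bit
# RHEL builds typically /usr/lib64/rsyslog) and must come from the same rsyslog
# version as the running rsyslogd. Installing librelp alone is not enough: the
# module normally ships in its own package (rsyslog-relp in the EPEL and Adiscon
# RPM builds; check with rpm -ql rsyslog-relp).
$ModLoad imrelp
$InputRELPServerRun 2514

# --- On a sending host ---
# omrelp is likewise a separate module. Forward everything to the loghost.
$ModLoad omrelp
*.* :omrelp:loghost.example.com:2514
```

Before restarting, confirm that imrelp.so and omrelp.so exist in the module directory and that `rsyslogd -v` reports the version you expect; a module left over from a different rsyslog version produces exactly the "can't open" style error seen in the thread. Plain RELP adds application-level acknowledgements, so messages are not silently dropped the way UDP ones are, but by itself it neither encrypts nor authenticates the peer; keep it as a reliability layer alongside the TLS transport already in use rather than as a replacement for it.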

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
On your if, then statements where it says $source != 'loghost.example.com' \ What would I replace it with? %hostname% The reason I ask is that there will be many host names or IP addresses that I'm forwarding logs from. -Original Message- From: rsyslog-boun...@lists.adiscon.com

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
Oh ok thank you! That worked! I'm sorry I keep asking questions So in the If, then statements where it says if \ $source != 'syslog.onlineschool.ca' \ and \ $syslogseverity = '6' \ -- The very last

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Marcelo Veglienzone
In that case you only need one rule, something like this should work: if \ $source != 'loghost.example.com' \ then *.* ?DYNlogfile On Wed, Apr 3, 2013 at 4:23 PM, Josh Bitto jbi...@onlineschool.ca wrote: Oh ok thank you! That worked! I'm sorry I keep asking

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
Okie dokie. Would these if-then statements work for Windows events? Basically here is my goal... I want to use Splunk as a management tool for my logs (free version is 500 MB volume/24 hour period) but I want rsyslog to forward log files to my central log server. In order to stay

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Rainer Gerhards
I suggest http://www.monitorware.com/en/topics/syslog/ Especially the seminar. Sent from phone, thus brief. Original message From: Josh Bitto jbi...@onlineschool.ca Date: 03.04.2013 21:49 (GMT+01:00) To: rsyslog-users rsyslog@lists.adiscon.com Subject: Re: [rsyslog]

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Gregory Patmore
I found this reference helpful: http://en.wikipedia.org/wiki/Syslog On Wed, Apr 3, 2013 at 4:02 PM, Rainer Gerhards rgerha...@hq.adiscon.com wrote: I suggest http://www.monitorware.com/en/topics/syslog/ Especially the seminar. Sent from phone, thus brief. Original

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
I actually just found that. It is helping out a lot as far as all the different terminology that this protocol uses. Thanks Anyway! -Original Message- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Gregory Patmore Sent: Wednesday,

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
Marcelo, thank you for the help earlier. Now I have another question. I kept the first rules, and now I want to add a rule of sorts. When rsyslog receives UDP traffic it not only is adding it to my /var/log/messages file but also to the /var/log/hosts/hostname/messages file as well. Is there

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Marcelo Veglienzone
The config I shared does that On Apr 3, 2013 6:18 PM, Josh Bitto jbi...@onlineschool.ca wrote: Marcelo, thank you for the help earlier. Now I have another question. I kept the first rules, and now I want to add a rule of sorts. When rsyslog receives UDP traffic it not only is adding it to

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
I'm sorry, I should have clarified. Windows events go to both locations mentioned. Could I add a rule that says... if \ $source == 'somekind of windows identifier' \ then ?DYNmessages Would that work? -Original Message- From: rsyslog-boun...@lists.adiscon.com

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Marcelo Veglienzone
Haven't messed with Windows yet so can't really say On Apr 3, 2013 6:37 PM, Josh Bitto jbi...@onlineschool.ca wrote: I'm sorry, I should have clarified. Windows events go to both locations mentioned. Could I add a rule that says... if \ $source == 'somekind of windows identifier'
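The duplicate-copy problem raised above (remote messages landing both in the per-host file and in /var/log/messages) comes down to rule order and an explicit discard. The following is an added example in rsyslog's legacy configuration format, written for this page and not the config Marcelo shared or anything Josh posted; the host name loghost.example.com, the directory layout, port 514 and the sender address 192.0.2.10 are assumptions, and the "Windows" rule only shows how to key a second template on a sender property, since the thread never settles what identifies those events.

```conf
# Added example (not from the thread): legacy-format rules for a central
# loghost that files each remote sender into its own directory and keeps
# remote messages out of the local /var/log/messages. Host name, paths, port
# and the 192.0.2.10 address are assumptions.

$ModLoad imuxsock
$ModLoad imudp
$UDPServerRun 514

# One file per sending host, e.g. /var/log/hosts/web01/messages.
# HOSTNAME is taken from the message itself, so over UDP the sender chooses it;
# secpath-drop strips any "/" before the value becomes a path component.
$template DYNlogfile,"/var/log/hosts/%HOSTNAME:::secpath-drop%/messages"
$template DYNmessages,"/var/log/windows/%HOSTNAME:::secpath-drop%/messages"

# Most specific rule first: a known sender (assumed to be the agent that
# forwards Windows events) gets its own template. "&" repeats the filter of
# the previous line and "~" is the discard action, so nothing below sees
# these messages again.
if $fromhost-ip == '192.0.2.10' then ?DYNmessages
& ~

# All other remote senders: per-host file, then discard. This pair must sit
# above the catch-all rule, otherwise the catch-all writes its own copy first.
if $source != 'loghost.example.com' then ?DYNlogfile
& ~

# Only messages that originated on loghost.example.com reach this point.
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
```

Two caveats a practitioner should keep in mind. First, both `$source` and `%HOSTNAME%` are read from the received message, not from the network layer, so a UDP sender can claim to be loghost.example.com and have its messages filed as local; `$fromhost-ip` is harder to spoof but still unauthenticated over UDP, which is one reason to move remote senders onto the TLS or RELP transports. Second, the discard (`& ~`) is what prevents the duplicate copy; without it every rule that matches a message writes it, which is the behaviour the question above describes.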

Re: [rsyslog] trouble adding relp to existing server

2013-04-03 Thread David Lang
The drawback to RHEL is that they don't change versions from the time they release the software. rsyslog 3.x was fairly current when RHEL 5.0 was released 5-7 years ago, but now it's just not reasonable. The problem is that Red Hat likes to freeze the versions close to a year before the

Re: [rsyslog] Allocating certain logs to certain files

2013-04-03 Thread Josh Bitto
I have the same setup. I have my central rsyslog server and splunk server on the same box. I'm having all clients send logs and having rsyslog put them in different log locations. Then on the splunk side I'm just indexing those file locations. What method are you using to throw away all other