[rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-19 Thread deoren
I've set up a ruleset that is applied to messages arriving from remote systems via imrelp. One action within that ruleset matches on auth facility messages and places them into a "combined" auth log file. Additionally an alert is generated via ommail for matching patterns (SSH logins). In

Re: [rsyslog] How to completely move beyond Legacy Format?

2017-07-19 Thread matthew.gaetano
To set global directives in version 8 you use the global configuration object. http://www.rsyslog.com/doc/v8-stable/rainerscript/global.html example: global( workDirectory="/var/lib/rsyslog" ) you can list more than one directive per global configuration object, but do not set a

[rsyslog] How to completely move beyond Legacy Format?

2017-07-19 Thread Mike Schleif
CentOS Linux release 7.3.1611 (Core) rsyslog.x86_64 8.28.0-1.el7 @rsyslog_v8 rsyslog-mysql.x86_64 8.28.0-1.el7 @rsyslog_v8 In February 2016, we needed to move up from whatever Centos 7 had for rsyslog. At that time, this list encouraged me to convert our

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-19 Thread Andrew Griffin via rsyslog
As long as you’re not doing any type of filtering / if..then on $fromhost-ip (or similar variable), you can set up a filter on something like prifilt and it’ll capture anything - local or remote. E.g.: if prifilt("authpriv.*") then { action( name = "LOCAL_MessagesToFile"

[rsyslog] ommysql: How to completely move beyond Legacy Format?

2017-07-19 Thread Mike Schleif
CentOS Linux release 7.3.1611 (Core) rsyslog.x86_64 8.28.0-1.el7 @rsyslog_v8 rsyslog-mysql.x86_64 8.28.0-1.el7 @rsyslog_v8 In February 2016, we needed to move up from whatever Centos 7 had for rsyslog. At that time, this list encouraged me to convert our

Re: [rsyslog] How to completely move beyond Legacy Format?

2017-07-19 Thread matthew.gaetano
Sorry I didn't really explain why we kept umask. As per documentation we continue to add '$umask 000' at the top of the configuration file to prevent any possible issues with file creation. We did have issues early on when switching loggers where some inheritance permissions prevented omfile

Re: [rsyslog] How to completely move beyond Legacy Format?

2017-07-19 Thread David Lang
I don't believe that umask works with the action() format; I think you need to specify file permissions in the action() call. But as I said in another e-mail, there's no particular reason to be 'legacy free', there are some things that are simple and clearer in the legacy format than in a