So far I have the following basic settings. I read some stuff; I need a "$ModLoad imfile" and also a separate config file placed inside /etc/rsyslog.d/. It's kinda complicated. Any easy way to do it?
Code:
[root@syslog-server ~]# cat /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
#$ModLoad ommysql.so
$ModLoad ommysql.so
$ModLoad ommysql.so
*.* :ommysql:127.0.0.1,rsysdb,rsyslog,js6S@smd
$AllowedSender UDP, 127.0.0.1, 108.144.153.0/24
$AllowedSender TCP, 127.0.0.1, 108.144.153.0/24
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 4g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
[root@syslog-server ~]#
Code:
[root@mail-server ~]# cat /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
*.* @@108.144.153.99
# ### end of the forwarding rule ###
[root@mail-server ~]#
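A minimal imfile drop-in for the mail-server side, written in the legacy directive syntax that rsyslog v5 uses. This is an added example, not part of the original post; the file name `imfile-app.conf`, the monitored path `/var/log/myapp/app.log`, the tag, the state-file name and the `local6` facility are all placeholders.

```conf
# /etc/rsyslog.d/imfile-app.conf on mail-server (hypothetical file name).
# Picked up by the existing "$IncludeConfig /etc/rsyslog.d/*.conf" line.

# Text-file input module.
$ModLoad imfile

# One block per monitored file; repeat the whole block for each extra file.
# Placeholder path: the log file to follow.
$InputFileName /var/log/myapp/app.log
# Placeholder tag; appears where the program name normally does.
$InputFileTag myapp:
# Placeholder state-file name; must be unique per monitored file.
# rsyslog keeps it in the directory set by $WorkDirectory.
$InputFileStateFile stat-myapp
$InputFileSeverity info
# Placeholder facility, chosen so these lines can be filtered separately.
$InputFileFacility local6
# Activates the monitor defined by the directives above.
$InputRunFileMonitor

# Seconds between checks for new lines (applies to all monitored files).
$InputFilePollInterval 10

# No extra forwarding rule is needed: lines read by imfile pass through the
# same rules as every other message, so the existing
#     *.* @@108.144.153.99
# already sends them to the syslog server over TCP.
#
# The "*.info;mail.none;authpriv.none;cron.none /var/log/messages" rule
# matches local6.info as well, so the lines are also copied into
# /var/log/messages. Appending ";local6.none" to that selector stops the
# local copy.
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.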
Hi All,
I have a specific requirement hope you guys can help me resolve this problem.
I want to send an email when a specific user logs in..
Eg: My User ID on the Unix box is VENKYA when I log into the System can we send a mail that I logged in.
I am on a Sun Solaris Server.
... (3 Replies)
I have to write a shell script like this--
1) Utility will be run under the directory owner.
2) This utility will clean files in ABC/logs. And following logs will be backed up or deleted.
Dispatcher Logs
Middle tier Logs
Sage log
Sage monitor log
Sage db clean up result log
Core files ... (12 Replies)
Hi All,
I am trying to rsync some of the latest files from remote m/c to my local linux box.
Folder structure in my remote m/c looks like this
/pub/Nightly/Package/ROLL/WIN
/pub/Nightly/Package/SOLL/sol
/pub/Nightly/Package/SOLL/linux
Each of the folder contains gzip files which on daily... (0 Replies)
Sorry, couldn't really think of a simple subject/title.
So, I have a log file, and the dates are displayed like so:
2009-03-05 02:49:44
So the first and second field are the date/time. I can change them into a unix timestamp easily with:
date -d "2009-03-05 02:49:44" +%s
However,... (17 Replies)
I need to extract data from logs for a mentioned date range. It's quite urgent, can anyone help me out with it? It's to be written in Unix, just thought it's better to specify. (4 Replies)
I have a log file that has the date and time that looks like this:
Wed Jun 28 15:46:21 2012 test failed tailed passed passed not error panic
What we want to focus on is the first 5 columns because they contain the date and time.
The date and time can be anywhere on the line. in this... (6 Replies)
I found a script for automatically pushing Tomcat logs to a syslog server which is located on the same server. How do I change it to push logs to a remote server?
log4j.rootLogger=INFO, WARN, console, file, SYSLOG
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.append=true... (2 Replies)
I have a script that runs right before a daily reboot that captures the amount of MB transmitted up and pulled down since last reboot.
echo `date +"%m-%d-%y"``grep eth0 /proc/net/dev | awk '{print ","$2/1024/1024","$10/1024/1024}'`>>/home/nick/bandwidth.log
In looking at the raw output of... (1 Reply)
Hi All
I need your help to configure AIX to send logs to QRadar. I did all the methods mentioned on the IBM website, and no use. Please help.
The logs I should receive from AIX and display in QRadar are (create user, delete user, changes in privileges, etc.)
my skype account
khaled_ly84
... (4 Replies)