Differences
This shows you the differences between two versions of the page.
|
linux_wiki:rsyslog [2015/10/04 01:41] billdozor |
linux_wiki:rsyslog [2019/05/25 23:50] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Rsyslog ====== | ||
| - | **General Information** | ||
| - | |||
| - | Rsyslog administration and config. | ||
| - | |||
| - | **Checklist** | ||
| - | * Distro: Enterprise Linux 6 | ||
| - | * Rsyslog installed (default) | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Remote Logging with Rsyslog ===== | ||
| - | |||
| - | How to send syslogs to a remote system using the RELP (Reliable Event Logging Protocol) module. | ||
| - | |||
| - | ==== Prerequisites ==== | ||
| - | |||
| - | Install the RELP module | ||
| - | <code bash> | ||
| - | yum -y install rsyslog-relp | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== Receiving Syslog System ==== | ||
| - | |||
| - | Edit / | ||
| - | <code bash> | ||
| - | #### Modules #### | ||
| - | # Provides RELP syslog reception | ||
| - | $ModLoad imrelp | ||
| - | $InputRELPServerRun 10514 | ||
| - | |||
| - | #### Rules #### | ||
| - | ## Remote and local logging for local1 rule ## | ||
| - | local1.* | ||
| - | </ | ||
| - | |||
| - | Restart rsyslog service | ||
| - | <code bash> | ||
| - | service rsyslog restart | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== Sending Syslog System ==== | ||
| - | |||
| - | Create a directory to save spool files | ||
| - | <code bash> | ||
| - | mkdir -p / | ||
| - | chmod 700 -R / | ||
| - | </ | ||
| - | * This is used in case the rsyslog client cannot reach the rsyslog server. Messages are spooled in a file until it can be reached again. | ||
| - | |||
| - | Edit / | ||
| - | <code bash> | ||
| - | ## Load Module ## | ||
| - | $ModLoad omrelp | ||
| - | |||
| - | ## Spool directory for all rules ## | ||
| - | $WorkDirectory / | ||
| - | |||
| - | ## Local 1 forwarding rules ## | ||
| - | $ActionQueueFileName srvfwd-local1 | ||
| - | $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down | ||
| - | $ActionQueueType LinkedList | ||
| - | $ActionResumeRetryCount -1 # infinite retries on insert failure | ||
| - | local1.* | ||
| - | ## End local 1 rules ## | ||
| - | </ | ||
| - | * Warning: $ActionQueueFileName must be unique per ruleset/ | ||
| - | |||
| - | Restart rsyslog service | ||
| - | <code bash> | ||
| - | service rsyslog restart | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== Testing ==== | ||
| - | |||
| - | Send test messages from client | ||
| - | <code bash> | ||
| - | logger -p local1.info " | ||
| - | </ | ||
| - | |||
| - | Check logs on receiver | ||
| - | <code bash> | ||
| - | grep testing / | ||
| - | </ | ||