Linux.com

Millerlw

Millerlw

  • Linux.com Member
  • Posts: 2
  • Member Since: 05 Sep 12
  • Last Logged In: 10 Sep 12

Latest Posts

Posted by
Topic
Post Preview
Posted
  • Millerlw
    Prevent rsyslog from writing messages from remote hosts to /var/log/messages
    Hi, I am configuring rsyslog to capture messages from remotes hosts to /var/log/remotehosts. It is working, but messages from remote hosts are also going to /var/log/messages. Is there a way to prevent that from happening? My rsyslog follows Thanks in advance, Leonard # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception $ModLoad imudp $UDPServerAddress 0.0.0.0 $UDPServerRun 514 # Provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf $template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n" $template DailyPerHostLogs,"/var/log/remotehosts/%HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log" *.* -?DailyPerHostLogs;TraditionalFormat ## This section added to prevent remote messages from being looged to messages if $source == 'smctux01' and $syslogseverity <= '6' then /var/log/messages;TraditionalFormat ####### #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log
    Link to this post 10 Sep 12

    Hi,
    I am configuring rsyslog to capture messages from remotes hosts to /var/log/remotehosts. It is working, but messages from remote hosts are also going to /var/log/messages. Is there a way to prevent that from happening? My rsyslog follows

    Thanks in advance,
    Leonard

    # rsyslog v5 configuration file

    # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
    # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

    #### MODULES ####

    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # provides kernel logging support (previously done by rklogd)
    #$ModLoad immark # provides --MARK-- message capability

    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerAddress 0.0.0.0
    $UDPServerRun 514

    # Provides TCP syslog reception
    #$ModLoad imtcp
    #$InputTCPServerRun 514


    #### GLOBAL DIRECTIVES ####

    # Use default timestamp format
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    # File syncing capability is disabled by default. This feature is usually not required,
    # not useful and an extreme performance hit
    #$ActionFileEnableSync on

    # Include all config files in /etc/rsyslog.d/
    $IncludeConfig /etc/rsyslog.d/*.conf

    $template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

    $template DailyPerHostLogs,"/var/log/remotehosts/%HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log"
    *.* -?DailyPerHostLogs;TraditionalFormat

    ## This section added to prevent remote messages from being looged to messages
    if $source == 'smctux01' and $syslogseverity <= '6' then /var/log/messages;TraditionalFormat
    #######

    #### RULES ####

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none /var/log/messages

    # The authpriv file has restricted access.
    authpriv.* /var/log/secure

    # Log all the mail messages in one place.
    mail.* -/var/log/maillog

    # Log cron stuff
    cron.* /var/log/cron

    # Everybody gets emergency messages
    *.emerg *

    # Save news errors of level crit and higher in a special file.
    uucp,news.crit /var/log/spooler

    # Save boot messages also to boot.log
    local7.* /var/log/boot.log

  • Millerlw
    Server distro question
    Hi, I had used Linux until just over a year ago with a previous company, but have not used it since because I was not given an opportunity and do not know what has happened in the community. I was using Fedora(possibly 5) and RHEL, but now I need to install a new server and need some advice. The server will do mostly a central syslog, some network monitoring and some homegrown scripts and web apps. Is Fedora still good? I have heard that CentOS is basically RedHat without the logo, is that true? If so, is it any good? Are there any other distros that would work well for what I need it to do? The server is a Dell 64-bit with 6Gig(?) of ram and two 500meg drives, and I doubt I will use the gui very much(if at all). Thanks in advance, Leonard
    Link to this post 05 Sep 12

    Hi,
    I had used Linux until just over a year ago with a previous company, but have not used it since because I was not given an opportunity and do not know what has happened in the community. I was using Fedora(possibly 5) and RHEL, but now I need to install a new server and need some advice.

    The server will do mostly a central syslog, some network monitoring and some homegrown scripts and web apps.

    Is Fedora still good? I have heard that CentOS is basically RedHat without the logo, is that true? If so, is it any good? Are there any other distros that would work well for what I need it to do?

    The server is a Dell 64-bit with 6Gig(?) of ram and two 500meg drives, and I doubt I will use the gui very much(if at all).

    Thanks in advance,
    Leonard

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board