Skip to main content

rsyslog file log to remote syslog

 1. rsyslog

   [file-A]     <--->    [remote rsyslog]


1) Edit conf file (The filename is your choice.)

  @: udp

  @@: tcp


/etc/rsyslog.d/01-testlog.conf

$ModLoad imfile

# Default Apache Access Log

$InputFileName /var/log/haproxy.log

#$InputFileName /var/log/httpd/access_log

#$InputFileTag httpd-access-default:

#$InputFileStateFile stat-httpd-access

#$InputFileSeverity info

$InputFileFacility local4

$InputRunFileMonitor

$InputFilePollInterval 10

local4.* @127.0.0.1:514


2) ignore local4 from /var/log/message and /var/log/syslog
  edit /etc/rsyslog.conf


Before:
*.*;auth,authpriv.none    -/var/log/syslog

After:

*.*;!(local4.*);auth,authpriv.none    -/var/log/syslog


Before:

*.=debug;\

  auth,authpriv.none;\

  news.none;mail.none -/var/log/debug

*.=info;*.=notice;*.=warn;\

  auth,authpriv.none;\

  cron,daemon.none;\

  mail,news.none    -/var/log/messages

 After:

*.=debug;\

  auth,authpriv.none;\

  news.none;mail.none -/var/log/debug

*.=info;*.=notice;*.=warn;\

  auth,authpriv.none;\

  cron,daemon.none;\

  !(local4.*);\

  mail,news.none    -/var/log/messages


2. restart rsyslog

  systemctl restart rsyslog
Labels:

Comments

Post a Comment

Popular posts from this blog

[scapy] Linux-Cooked pcap to ethernet

# The pcap file formatted by "Linux cooked" # tcpdump -r myfile.pcap -nn reading from file event1.pcap, link-type LINUX_SLL (Linux cooked) ... ... # step1. read myfile.pcap pkts = rdpcap("myfile.pcap"); # step2. read myfile.pcap pkts = [Ether(src='00:11:22:33:44:55', dst='22:33:44:55:66:77')/pkt[1:] for pkt in pkts] # step3. modify IP address and recalculate chksum for pkt in pkts:  pkt[1].dst='192.168.1.10';  pkt[1].src='192.168.1.1';  del pkt[IP].chksum  del pkt[UDP].chksum # step4. packet send sendp(pkts[0]); # step5. save pcap  wrpcap("output.pcap",pkts); # tcpdump -r output.pcap -nn reading from file output.pcap, link-type EN10MB (Ethernet) ... ... # pkt[1:] : It means IP layer 1) Before: Linux cooked / IP / UDP / UDP-Data 2) After: Ethernet / IP / UDP / UDP-Data
Post a Comment
Read more

[WordPress] Change https redirect in DB.

If you make an https redirect without thinking about SSL configuration: Check DB SELECT * from wp_options where option_name IN ('siteurl', 'home'); Update UPDATE wp_options SET option_value = REPLACE(option_value, 'https://your_domain', 'http://your_domain') WHERE option_name IN ('siteurl', 'home');
Post a Comment
Read more

[bash-script/gcc] check warning of make within git-diff of commit

When you need check "make warning" in specific commits, you can use this script to check just in some commits. This script takes some steps. step1. You must know your commit hash. : like abcd1234 step2. Checkout to your commit.  Like this, git checkout abcd1234. step3. You need output file that run make.  Try to run command "make &> myoutput" step4. Then run this. ./new_warning.sh abcd1234 myoutput You can download this script :  new_warning.sh
Post a Comment
Read more