In rsyslog.conf I've added some templates, rules and
enabled listening on the udp port.
###############################
### Per-Host Templates for Remote Systems ###
$template TmplAuthpriv,
"/var/log/remote/auth/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log"
$template TmplMsg,
"/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log"
### end of user added lines
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
### jbk added lines per SysAdminGuideF23 20160319
# Provides TCP syslog reception
#$ModLoad imtcp
# Adding this ruleset to process remote messages
$RuleSet remote1
authpriv.* ?TmplAuthpriv
*.info;mail.none;authpriv.none;cron.none ?TmplMsg
$RuleSet RSYSLOG_DefaultRuleset #End the rule set by
switching back to the default rule set
$InputUDPServerBindRuleset remote1 #Define a new input
and bind it to the "remote1" rule set
#$InputTCPServerRun 514
###################end of rsyslog edits############
I've opened the tcp and udp port 514 on the firewall and
I've created the remote/auth and remote/msg directories in
/var/log
Note the template definitions are one line.
So there it is. What is hindering the log reception?
So I am wrong, I am receiving the modem log messages but
they are all going to /var/log/messages.
So why are the templates not filtering the modem messages to
the indicated locations?
Is it that the modem does not have a valid HOSTNAME?
Or, is the PROGRAMNAME keyword overly specific?
--
Jim Kelly-Rand
j...@kjkelra.com
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
