Hello and Merry Christmas folks,
I was running RHEL7 (technically, I still am on other servers) with
Rsyslog-8.24.0-57.
I have on this environment the configurations necessary to accomplish a few
things, such that I can:
1. "listen" for incoming traffic over TCP and UDP via port 514, with
SYNTAX====
$ModLoad imudp
$UDPServerRun 514
---
$ModLoad imtcp
$TCPServerRun 514
2. I am also using omfile configurations, with SYNTAX====
Module(load="builtin:omfile")
$CreateDirs on
$DirCreateMode 0700
$FileCreateMode 0600
$FileGroupNum 2000 <== Which is what I got help with from this
list before.
3. I have set up BSD-style templates {?variables?}, which use
"%HOSTNAME%" in them, with SYNTAX====
$template CATC,"/var/log/remote/%HOSTNAME%.log"
$template SECU,"/var/log/remote/%HOSTNAME%/secure"
$template MESG,"/var/log/remote/%HOSTNAME%/messages"
4. for use within conditionals for parsing data and the associated
selectors, as an action, send to those BSD-style templates. with
SYNTAX====
if ($fromhost-ip startswith '172.20.245.5' or $fromhost-ip contains '172.20.245.101') then {
    authpriv.*                                  -?SECU
    *.info;mail.none;authpriv.none;cron.none    -?MESG
    & stop
} else if ( $fromhost contains 'i42tskvm' ) then {
    *.*    -?MESG
    stop
} else {
    *.*    /var/log/messages
    stop
}
But now, I am working with new servers running with RHEL8 and
Rsyslog-8.2102.0-15.
1) I have learned the new syntax for standing up and binding TCP and UDP
listeners with Port 514, to specific IP addresses, SYNTAX==
module(load="imudp") # needs to be done just once
input(type="imudp" port="514" address="172.20.47.101")
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514" address="172.20.47.101")
*I am confident in the above syntax as I have listeners displayed when I
executed an appropriate netstat command. I am willing to accept any
suggestions, but I want to listen only via one IP address.*
2) I have, with some struggle, and honestly I am not confident that I have
done it correctly, adapted/converted the *omfile* parameters, SYNTAX==
module(load="builtin:omfile" dirCreateMode="0700" fileCreateMode="0600"
fileGroupNum="2000")
action(type="omfile" createDirs="on")
Any comments on this would be welcomed; however, I believe I do have these
configured correctly.
3) I have attempted, admittedly not with 100% certainty I did it correctly,
the templates with the new standard, SYNTAX==
template(name="CATC" type="string" string="/var/log/remote/%HOSTNAME%.log")
template(name="SECU" type="string"
string="/var/log/remote/%HOSTNAME%/secure")
template(name="MESG" type="string"
string="/var/log/remote/%HOSTNAME%/messages")
4) Finally, I don't have any idea how to adapt the Conditionals I was
using with RHEL7 to the newer standards, *OLD SYNTAX==*
if ($fromhost-ip startswith '172.20.45.5' or $fromhost-ip contains '172.20.45.101') then {
    authpriv.*                                  -?SECU
    *.info;mail.none;authpriv.none;cron.none    -?MESG
    & stop
} else if ( $fromhost contains 'i42tskvm' ) then {
    *.*    -?MESG
    stop
} else {
    *.*    /var/log/messages
    stop
}
I need help on this portion for sure. I don't know how to make use of the
templates with the selectors to get the data dropped into the correct
logfile. Please correct my understanding if it is incorrect; however, I
believe the lines of syntax with "if", "else if", and "else" are all
still appropriate.
Please, can someone lead me to the understanding of how to adapt all four
sections {{1), 2), 3), and 4) }} appropriately? This is for work.
--------------------------
Warron French