I have the same setup. I have my central rsyslog server and splunk server on
the same box. I'm having all clients send logs and having rsyslog put them in
different log locations.
Then on the splunk side I'm just indexing those file locations. What method are
you using to throw away all other l
What I do with splunk is that I have my clients send all the logs up to my
central server, and Splunk server. I then have the rsyslog on the Splunk server
write the logs that I want splunk to index into a file and then throw all the
other logs away. I roll the log from where it's written into a
The drawback to RHEL is that they don't change versions from the time they
release the software. rsyslog 3.x was fairly current when RHEL 5.0 was released
5-7 years ago, but now it's just not reasonable.
The problem is that Red Hat likes to freeze the versions close to a year before
the releas
Haven't messed with Windows yet so can't really say
On Apr 3, 2013 6:37 PM, "Josh Bitto" wrote:
I'm sorry, I should have clarified. Windows events go to both locations
mentioned.
Could I add a rule that says...
    if \
    $source == 'somekind of windows identifier' \
    then ?DYNmessages
Would that work?
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:
The config I shared does that
On Apr 3, 2013 6:18 PM, "Josh Bitto" wrote:
Marcelo,
Thank you for the help earlier. Now I have another question. I kept the first
rules, and now I want to add a rule of sorts.
When rsyslog receives UDP traffic it not only is adding it to my
/var/log/messages file but also to the /var/log/hosts//messages file
as well.
Is there a way fo
I actually just found that. It is helping out a lot as far as all the different
terminology that this protocol uses.
Thanks Anyway!
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Gregory Patmore
Sent: Wednesday, April
I found this reference helpful:
http://en.wikipedia.org/wiki/Syslog
On Wed, Apr 3, 2013 at 4:02 PM, Rainer Gerhards wrote:
I suggest
http://www.monitorware.com/en/topics/syslog/
Especially the seminar.
Sent from phone, thus brief.
Original message
From: Josh Bitto
Date: 03.04.2013 21:49 (GMT+01:00)
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
Okie dokie
Would these if then statements work for windows events?
Basically here is my goal...
I want to use splunk as a Management tool for my logs (free version is 500 mb
volume/24 hour period) but I want rsyslog to forward log files to my
central log server.
In order to stay under
In that case you only need one rule; something like this should work:
    if \
    $source != 'loghost.example.com' \
    then *.* ?DYNlogfile
On Wed, Apr 3, 2013 at 4:23 PM, Josh Bitto wrote:
Oh ok thank you! That worked!
I'm sorry I keep asking questions
So in the if/then statements where it says
    if \
    $source != 'syslog.onlineschool.ca' \
    and \
    $syslogseverity <= '6' \
--
The very last li
loghost is the name of the machine doing the central logging with rsyslog,
whose logs I want to keep under the default location.
    $source != 'loghost.example.com'
means every host but loghost.example.com
On Wed, Apr 3, 2013 at 4:03 PM, Josh Bitto wrote:
On your if/then statements where it says $source != 'loghost.example.com' \
What would I replace it with? %hostname%
The reason I ask is that there will be many host names or IP addresses that I'm
forwarding logs from.
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mail
Josh,
This is what I'm currently using, http://pastebin.com/tsTHdsZY
Starting at line 116 you'll find what you want
On Wed, Apr 3, 2013 at 3:38 PM, Josh Bitto wrote:
Ok, here is my issue... on my central rsyslog server I have in my config file the
following
# This one is the template to generate the log filename dynamically, depending
on the client's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
# Log all messages to the dynamically fo
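Pulling the pieces of this thread together, the following is an added example of a complete legacy-syntax rsyslog.conf fragment for the central loghost; it is not configuration posted by anyone in the thread. It assumes the loghost is named loghost.example.com, that clients send over UDP/514, that Windows hosts follow a hypothetical win-* naming convention, and that /var/log/hosts and /var/log/splunk are the target directories. It shows the dynafile template keyed on %fromhost-ip%, the $source exclusion that keeps the loghost's own messages under the default files, a reduced-severity file for Splunk to index, and the `& ~` discard that stops remote messages from also landing in /var/log/messages.

```conf
# Added example, not from the thread. Legacy (pre-RainerScript) directives so it
# also loads on the rsyslog 3.x/5.x builds that ship with RHEL 5 and 6.
# Assumed names: loghost.example.com, /var/log/hosts, /var/log/splunk, win-* hosts.

# Accept syslog from the clients over UDP/514.
$ModLoad imudp
$UDPServerRun 514

# Create missing target directories with restrictive modes.
$CreateDirs on
$DirCreateMode 0750
$FileCreateMode 0640

# Dynamic file names. %fromhost-ip% is the sender's IP address; %HOSTNAME% is
# the hostname carried inside the message ($source is an alias for it). Because
# the in-message hostname is attacker-controlled, secpath-replace rewrites path
# separators before it is used as a directory name.
$template DYNlogfile,"/var/log/hosts/%fromhost-ip%/messages"
$template DYNwinfile,"/var/log/hosts/%HOSTNAME:::secpath-replace%/windows.log"
$template SplunkFmt,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\n"

# 1. Reduced feed for Splunk: only warning (4) and worse from remote hosts,
#    to stay under the free licence's 500 MB/day indexing limit.
if $source != 'loghost.example.com' and $syslogseverity <= '4' then /var/log/splunk/remote-warn.log;SplunkFmt

# 2. Windows agents (assumed win-* hostnames) get their own per-host file.
#    '& ~' reuses the previous filter and discards the message afterwards.
if $source != 'loghost.example.com' and $source startswith 'win-' then ?DYNwinfile
& ~

# 3. Everything else from remote hosts goes to the per-IP file and is then
#    discarded, so it never reaches the /var/log/messages rule below.
#    Rule order matters: the discard must come after the Splunk feed rule.
if $source != 'loghost.example.com' then ?DYNlogfile
& ~

# 4. Only the loghost's own messages are left by now; standard local rules.
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
```

Check the file with `rsyslogd -N1 -f /etc/rsyslog.conf` before restarting. Two caveats: UDP syslog is unauthenticated, so anyone who can reach port 514 can create a new per-IP directory (spoofed source) or inject content; and on rsyslog 7 and later the `~` discard action is deprecated in favour of `stop`, although it still works.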
Hello rsysloggers,
My loghost in the past 8 years was a FreeBSD box with a modified syslogd,
writing up to 3 mill. events per day into a PostgreSQL db, using transactions
(all events, delivered in 5 seconds) and doing a new PQprepare every 1000
transactions (to get a new plan from updated stati
Wow. Thanks all. Sad that the official RHEL repository is so far behind...
I'll see about linking to the rsyslog repository.
-Chris Bartram
"The purpose of life is not to be happy. It is to be useful, to be honorable,
to be compassionate, to have it make some difference that you have lived
> -Original Message-
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
> boun...@lists.adiscon.com] On Behalf Of David Lang
> Sent: Wednesday, April 03, 2013 10:06 AM
> To: Chris Bartram; rsyslog-users
> Subject: Re: [rsyslog] trouble adding relp to existing server
>
> On Tue, 2
On Tue, 2 Apr 2013, Chris Bartram wrote:
On a RHEL 5 system I have an existing server where I have basic UDP and
encrypted tls transports setup. I'm now trying to add RELP but even after
adding the librelp packages I get an error from rsyslog complaining that it
can't open imrelp.so. In fact