On 19/08/12 15:44, Ed Greshko types:
On 08/20/2012 12:53 AM, Heinz Diehl wrote:
On 19.08.2012, Bob Goodwin - Zuni, Virginia, USA wrote:
Can someone tell me the proper command to save log data to " /home/bobg/xxlog" instead of filling up "var/log/messages" nothing I've tried has worked?
Here's what works for me:
- Go to /etc/sysconfig/rsyslog and add the "-r" option to the
parameters for rsyslogd (as far as I know, the "-r" option has been obsoleted some time ago, and is replaced by 2., so just try or read the manpages).
- Go to /etc/rsyslogd.conf and let the daemon listen on UDP port 514:
$ModLoad imudp $UDPServerRun 514
- Go to /etc/rsyslog.d and create an empty file. Write this into it:
:source, isequal, "sunshine" /var/log/tomato.log :source, isequal, "sunshine" ~
Replace "sunshine" with your routers name, or use its IP.
- Restart rsyslogd:
systemctl restart syslog.service
That's it.
And don't forget to open port 514 if you are running a firewall on the rsyslog host. It is closed by default.
It shows 514 UDP open.
But I still can/t get anything into /var/log/tomato.log. It keeps filling up /var/log/messages, about 2 megs so far today! I'm still missing something.
I changed this since the option -r doesn't seem to be used.
/etc/sysconfig/rsyslog
# Options for rsyslogd # Syslogd options are deprecated since rsyslog v3. # If you want to use them, switch to compatibility mode 2 by "-c 2" # See rsyslogd(8) for more details SYSLOGD_OPTIONS="-c 2"
And created this:
[bobg@box9 rsyslog.d]$ cat emptyfile # /etc/rsyslog.d/emptyfile
:source, isequal, 192.168.1.9 /var/log/tomato.log :source, isequal, 192.168.1.9 ~
Actually I even tried naming it emptyfile.conf out of desperation.
Nothing is ever easy!
Bob .
-- http://www.qrz.com/db/W2BOD
box9