Save rsyslog data -
Bob Goodwin - Zuni, Virginia, USA
bobgoodwin at wildblue.net
Sun Aug 19 20:45:43 UTC 2012
On 19/08/12 15:44, Ed Greshko types:
> On 08/20/2012 12:53 AM, Heinz Diehl wrote:
>> On 19.08.2012, Bob Goodwin - Zuni, Virginia, USA wrote:
>>
>>> Can someone tell me the proper command to save log data to "
>>> /home/bobg/xxlog" instead of filling up "var/log/messages" nothing I've
>>> tried has worked?
>> Here's what works for me:
>>
>> 1. Go to /etc/sysconfig/rsyslog and add the "-r" option to the
>> parameters for rsyslogd (as far as I know, the "-r" option has been
>> obsoleted some time ago, and is replaced by 2., so just try or read
>> the manpages).
>>
>> 2. Go to /etc/rsyslogd.conf and let the daemon listen on UDP port 514:
>>
>> $ModLoad imudp
>> $UDPServerRun 514
>>
>> 3. Go to /etc/rsyslog.d and create an empty file. Write this into it:
>>
>> :source, isequal, "sunshine" /var/log/tomato.log
>> :source, isequal, "sunshine" ~
>>
>> Replace "sunshine" with your routers name, or use its IP.
>>
>> 4. Restart rsyslogd:
>>
>> systemctl restart syslog.service
>>
>> That's it.
>>
> And don't forget to open port 514 if you are running a firewall on the rsyslog host. It is closed by default.
>
It shows 514 UDP open.
But I still can't get anything into /var/log/tomato.log. It keeps
filling up /var/log/messages, about 2 megs so far today! I'm still
missing something.
I changed this since the option -r doesn't seem to be used.
/etc/sysconfig/rsyslog
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-c 2"
And created this:
[bobg at box9 rsyslog.d]$ cat emptyfile
# /etc/rsyslog.d/emptyfile
:source, isequal, 192.168.1.9 /var/log/tomato.log
:source, isequal, 192.168.1.9 ~
Actually I even tried naming it emptyfile.conf out of desperation.
Nothing is ever easy!
Bob
--
http://www.qrz.com/db/W2BOD
box9
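
Added example, not part of the thread: a shell check for two properties of an rsyslog drop-in like the ones quoted above, namely whether its file name is matched by the include glob and whether each property-based filter gives its comparison value as a double-quoted string, which is the form rsyslog's filter syntax takes. It assumes the main config includes drop-ins with `$IncludeConfig /etc/rsyslog.d/*.conf`; the function name `lint_dropin` is made up here.

```shell
#!/bin/sh
# Added example (not from the thread): lint rsyslog drop-in files.
# Assumption: /etc/rsyslog.conf contains
#   $IncludeConfig /etc/rsyslog.d/*.conf
# so a drop-in whose name lacks the .conf suffix is never read.

lint_dropin() {
    file=$1
    issues=0

    # Check 1: the file name must match the *.conf include glob.
    case $file in
        *.conf) ;;
        *) echo "$file: name does not end in .conf, so the *.conf include skips it"
           issues=$((issues + 1)) ;;
    esac

    # Check 2: property-based filters have the form
    #   :property, [!]operation, "value" action
    # where the value is a double-quoted string.
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            :*) ;;            # a property-based filter line
            *) continue ;;    # comments, blank lines, other rule types
        esac
        if ! printf '%s\n' "$line" | grep -Eq \
            '^:[A-Za-z0-9$!._-]+,[[:space:]]*!?[a-z]+,[[:space:]]*"([^"\\]|\\.)*"[[:space:]]+[^[:space:]]'
        then
            echo "$file:$lineno: comparison value is not a quoted string: $line"
            issues=$((issues + 1))
        fi
    done < "$file"

    # Exit status 0 only when the file is clean.
    [ "$issues" -eq 0 ]
}

# Stand-alone use: sh lint.sh /etc/rsyslog.d/*
rc=0
for f in "$@"; do
    lint_dropin "$f" || rc=1
done
```

After editing a drop-in, `rsyslogd -N1` runs rsyslog's own configuration check without starting the daemon.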