[rsyslog] Configuring rsyslog for forwarding log files to multiple remote machines

Fri, 07 Aug 2020 00:01:27 -0700 

Hi,

I am new to using rsyslog - I have a scenario in which I want to send
file1.log, file2.log  to a remote machine say 10.10.10.123 , and file3.log
to a remote machine say 10.11.11.123. Is it possible to do this using
imfile sections in rsyslog config?

I tried the below thing, which looks to be working, let me know if this is
the valid approach. Or has some problems associated which i am not aware of
, or any better approach for achieving this.

Any pointers would be helpful. Thank you in advance.

$ModLoad imfile
$ActionForwardDefaultTemplate RSYSLOG_ForwardFormat

input(Type="imfile"
      File="/home/logs/file1.log"
      stateFile="file1.log.stat"
      Tag="file1:"
      Facility="local0"
      Severity="info"
      startmsg.regex="^"
)
$InputRunFileMonitor
if $programname == 'file1' and $msg contains 'DEBUG' then ~
if $programname == 'file1' then @10.10.10.123:514
if $programname == 'file1' then ~


input(Type="imfile"
      File="/home/log/file2.log"
      stateFile="file2.log.stat"
      Tag="file2:"
      Facility="local0"
      Severity="notice"
      startmsg.regex="^"
)
$InputRunFileMonitor
if $programname == 'file2' and $msg contains 'DEBUG' then ~
if $programname == 'file2' and $msg contains 'INFO' then ~
if $programname == 'file2' then @10.10.10.123:514
if $programname == 'file2' then ~


input(Type="imfile"
      File="/home/file3.log"
      stateFile="file3.log.stat"
      Tag="file3:"
      Facility="local0"
      Severity="notice"
      startmsg.regex="^"
)

$InputRunFileMonitor
if $programname == 'file3' and $msg contains 'DEBUG' then ~
if $programname == 'file3' and $msg contains 'INFO' then ~
if $programname == 'file3' then @10.11.11.123:514
if $programname == 'file3' then ~

$WorkDirectory /home/rsyslog     # where to place spool files
$ActionQueueFileName  rsyslog_queue # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueDiscardMark 204800
$ActionQueueSize 256000
$ActionQueueDiscardSeverity 5 # Drop Notify and below messages whenever
                              # queue is full.
$ActionQueueLowWaterMark 51200
$ActionQueueHighWaterMark 204800
  local0.*; @10.10.10.123:514
  local0.*; @10.11.11.123:514
 #UDP forwarding
local0.*    ~ # Do not further process

Thanks,
Shrikant
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to