I hope this is the correct list to send questions to; I have not needed
support on rsyslog in 7 years.

INFO (as the basis for my question)
I have six (6) RHEL7 systems on a network on which I need to set up log
forwarding from five (5) *clients* over to the last (1) *server*.

I have the following ROLE {server, client}  and Hostnames to list:

SERVER:     'a8-ytb-dev001'

CLIENT:       'a8-ansi-w00'   (not a typo; compare the following two)
CLIENT:       'a8-ansi-w001'
CLIENT:       'a8-ansi-w002'
CLIENT:       'a8-ansi-d001'
CLIENT:       'a8-ansi-d002'

On all of the clients, in the /etc/rsyslog.configuration file I have added
the syntax at the bottom of the file:

*.*   @@192.168.2.225:514

On the server, in the /etc/rsyslog.conf configuration file I do have in
place the following:

module(load="imtcp")
input(type="imtcp"  port="514")

$template      CATC,"/var/log/REMOTE/%HOSTNAME%.log"
$template      SECU,"/var/log/REMOTE/%HOSTNAME%/secure"
$template      MESG,"/var/log/REMOTE/%HOSTNAME%/messages"

I also have the following below these lines...

if  $fromhost  contains  'a8-ansi-d00'  then   {
     authpriv.*                                      -?SECU
     *.info;mail.none;authpriv.none;cron.none        -?MESG
     &  stop
}

if  $fromhost-ip    !=     '127.0.0.1'   then  {
     :hostname,    !contains,   "a8-ansi-d00"   ~
     *.*                                             -?CATC
     &   stop
}

*I have two goals:*

   1. Get the hosts with hostnames 'a8-ansi-d001' and 'a8-ansi-d002' to
   log both authpriv.* to "secure", and
   *.info;mail.none;authpriv.none;cron.none to "messages."
   2. Get all other hosts regardless of hostname string pattern to log into
   a single file based on the CATC template (into
   /var/log/REMOTE/%HOSTNAME%.log).


*Issues I am experiencing:*

   1. I have been able to accomplish goal#1 but with a minor issue.  The
   issue is that after every reboot of either (or both) of the
   'a8-ansi-d00*' hostname pattern I end up with a file in
   /var/log/REMOTE/a8-ansi-d001/log (for a specific example) and also into
   /var/log/REMOTE/%HOSTNAME%/secure  (and messages).  So I am getting data
   logged into both places which is not wanted.
   2. Furthermore, none of the other hosts have a
   /var/log/REMOTE/%HOSTNAME%.log generated after their namesakes, or at all.
   This is not accomplishing my goal#2.


Can I get some help, please?



--------------------------
Warron French
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
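
One way to express the two goals from the post as a single RainerScript ruleset bound to the TCP listener, added here as an example; it is not the poster's configuration and not an official rsyslog sample. It assumes an rsyslog version that supports rulesets and prifilt(), uses an arbitrary ruleset name ("remote"), and routes on the hostname carried in the message rather than on $fromhost.

```conf
# Added example (assumptions: ruleset name "remote"; routing on $hostname).
module(load="imtcp")

# secpath-replace turns any "/" in the sender-supplied hostname into "_",
# so a crafted name cannot change the directory a file is created in.
template(name="CATC" type="string"
         string="/var/log/REMOTE/%HOSTNAME:::secpath-replace%.log")
template(name="SECU" type="string"
         string="/var/log/REMOTE/%HOSTNAME:::secpath-replace%/secure")
template(name="MESG" type="string"
         string="/var/log/REMOTE/%HOSTNAME:::secpath-replace%/messages")

# Messages received by the imtcp input below are processed only by this
# ruleset. Local messages never enter it, so no 127.0.0.1 test is needed,
# and remote messages never reach the default (local) rules.
ruleset(name="remote") {
    # $hostname is the same value that %HOSTNAME% expands to in the
    # templates, so the routing decision and the file name always agree.
    if ($hostname startswith "a8-ansi-d00") then {
        # Goal 1: split by facility; nothing from these hosts goes to CATC.
        if prifilt("authpriv.*") then {
            action(type="omfile" dynaFile="SECU")
        }
        if prifilt("*.info;mail.none;authpriv.none;cron.none") then {
            action(type="omfile" dynaFile="MESG")
        }
    } else {
        # Goal 2: one file per host for every other sender.
        action(type="omfile" dynaFile="CATC")
    }
}

# The ruleset must be defined before the input that references it.
input(type="imtcp" port="514" ruleset="remote")
```

Running `rsyslogd -N1` validates the configuration before the service is restarted.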