[ale] F10, rsyslog, and incoming remote logs

Jim Kinney jim.kinney at gmail.com
Tue Jul 14 12:51:02 EDT 2009


You will need to set the logfile locations on a per machine basis using
their /etc/rsyslog.conf file. That is where you set the file name for each
log point.

If they all go to the same <host>:/var/log/messages it should still be
parsable as they should include <hostname> as part of the record.

On Tue, Jul 14, 2009 at 12:18 PM, Mills John M-NPHW64
<Jmills at motorola.com> wrote:

> Recap: I need to capture and collect remote syslogd messages sent to my F10
> system which runs 'rsyslogd'.
>
> Jim, ALErs -
>
> Thanks for the note. I made some headway but still have a question about
> '/etc/rsyslogd.conf'.
>
> 1. My total failure to receive messages from remote senders was apparently
> a domain partitioning issue on our network. I moved to a different sub-domain
> and now I copy.
>
> 2. The UDP/port 514 server seems to be started properly with:
> ...
> # Provides UDP syslog reception
> $ModLoad imudp.so
> $UDPServerRun 514
> ...
>
> 3. I successfully write the incoming traffic to a particular file with:
> ...
> # Save external messages to ext_src.log
> :fromhost-ip, startswith, "10." /var/log/ext_src.log
> ...
>
> (I don't really need any IP filtering except that the message originated
> externally, but this is fine for the moment.)
>
> QUESTION: How can I _stop_ the incoming traffic from remote servers from
> also appearing on '/var/log/messages'?
>
> Thanks for any further guidance.
>
>  - Mills


-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
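
An added example, not part of the original thread: one way to do what the quoted question asks, using the discard action of rsyslog's legacy syntax so that remote messages are written to their own file and never reach the /var/log/messages rule. The /var/log/messages selector shown is an assumption (the stock Fedora line); the thread does not show it.

```conf
# /etc/rsyslog.conf (fragment, legacy syntax)

# Provides UDP syslog reception (as in the thread)
$ModLoad imudp.so
$UDPServerRun 514

# Remote messages: write to their own file, then discard them.
# "&" attaches a further action to the preceding filter, and "~" is the
# discard action, so nothing below this point sees these messages.
# The filter and its target file must be on one line.
# Messages from local inputs carry fromhost-ip 127.0.0.1 and do not
# match this filter.
:fromhost-ip, startswith, "10." /var/log/ext_src.log
& ~

# Local rules must come AFTER the discard, because rules are evaluated
# top to bottom. Assumed stock selector: keep whatever line the system
# already has here.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
```

Later rsyslog releases deprecate `~` in favor of `stop`; the rule ordering requirement is the same.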