Configure rsyslog 8 custom file send and template on server

Post by sdilazzaro » Thu Dec 28, 2017 12:05 pm

I'm configuring rsyslog for logs to be shipped to a remote server. On the client, I configured the imfile module to grab the Apache access log:

    #  Apache access log
    input(type="imfile"
          File="/var/log/apache2/access.log"
          Tag="http-accesslog"
          )


After that, this file is sent to the main /var/log/syslog.

Now, I also configured the syslog to be shipped to a remote server. On this remote server, I have the following configuration:

    #  /etc/rsyslog.conf    Configuration file for rsyslog.
    #
    #           For more information see
    #           /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
    #
    #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


    #################
    #### MODULES ####
    #################

    module(load="imuxsock") # provides support for local system logging
    module(load="imklog")   # provides kernel logging support
    #module(load="immark")  # provides --MARK-- message capability

    # provides UDP syslog reception
    module(load="imudp")
    input(type="imudp" port="514")

    # provides TCP syslog reception
    module(load="imtcp")
    input(type="imtcp" port="514")

    # Enable non-kernel facility klog messages
    #$KLogPermitNonKernelFacility on

    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################

    #
    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    # Filter duplicated messages
    $RepeatedMsgReduction on

    #
    # Set the default permissions for all log files.
    #
    $FileOwner syslog
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    $PrivDropToUser syslog
    $PrivDropToGroup syslog

    #
    # Where to place spool and state files
    #
    $WorkDirectory /var/spool/rsyslog

    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf
    $template collector,"/var/log/collector/%HOSTNAME%/%$YEAR%_%$MONTH%_%$DAY%_%HOSTNAME%_%programname%.log"
    #$template collector,"/var/log/collector/%HOSTNAME%/%$YEAR%_%$MONTH%_%$DAY%_%HOSTNAME%_%syslogtag%.log"
    *.* -?collector


Almost all the logs are sent to the remote server, which partially applies my template and is creating files based on it:

  /var/log/collector/myclientserver
    2017_11_22_myclientserver_.log
    2017_11_22_myclientserver_CRON.log
    2017_11_22_myclientserver_chef-client.log
    2017_11_22_myclientserver_crontab.log
    2017_11_22_myclientserver_dbus.log
    2017_11_22_myclientserver_dhclient.log
    2017_11_22_myclientserver_ntpd.log
    2017_11_22_myclientserver_rsyslogd-2359.log
    2017_11_22_myclientserver_rsyslogd.log
    2017_11_22_myclientserver_snapd.log


The problem is, the Apache logs are not there. What could I be missing? Thanks in advance.
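An added example, not part of the original post and not a diagnosis of the problem described in it: the same client-to-collector pipeline written in rsyslog 8's RainerScript syntax, with the sender-supplied fields that build the dynamic file name passed through the `secpath-replace` property option so a slash in a received hostname or tag cannot change the target directory. The collector address `logserver.example.com`, the file names, and the `Severity`/`Facility` values are assumptions.

```rsyslog
#### Client: /etc/rsyslog.d/60-apache-forward.conf (file name is an assumption) ####

module(load="imfile")                      # file input module, loaded once

input(type="imfile"
      File="/var/log/apache2/access.log"
      Tag="http-accesslog:"                # imfile adds no colon itself; include it in the tag
      Severity="info"                      # assumption; imfile's default is notice
      Facility="local6")                   # assumption; imfile's default is local0

# Forward everything in the default ruleset to the collector over TCP.
action(type="omfwd"
       target="logserver.example.com"      # placeholder collector address
       port="514"
       protocol="tcp")


#### Server: /etc/rsyslog.d/10-collector.conf (file name is an assumption) ####

module(load="imtcp")
input(type="imtcp" port="514")

# Same layout as the legacy "$template collector,..." line in the post.
# HOSTNAME and programname are taken from the received message, so each is
# filtered with secpath-replace, which turns "/" into "_" before the value
# becomes part of a path.
template(name="collector" type="string"
         string="/var/log/collector/%HOSTNAME:::secpath-replace%/%$YEAR%_%$MONTH%_%$DAY%_%HOSTNAME:::secpath-replace%_%programname:::secpath-replace%.log")

# Equivalent of "*.* -?collector": write every message to the file the template names.
action(type="omfile"
       dynaFile="collector"
       fileCreateMode="0640"
       dirCreateMode="0755")
```

Running `rsyslogd -N1` on each host checks the configuration syntax before the service is restarted.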
