Difference between revisions of "Rsyslog Server"

From The Linux Source
Jump to: navigation, search
(Created page with "1. Save original version of rsyslog.conf<br> Note: do not overwrite if rsyslog.conf-original already exists, it should already be there from the company image, so this step is...")
 
Line 4: Line 4:
  
 
2. Update /etc/rsyslog.conf<br>
 
2. Update /etc/rsyslog.conf<br>
Make sure the following is enabled/uncommented;
+
2a. Make sure the following is enabled/uncommented
 
  # Use traditional timestamp format
 
  # Use traditional timestamp format
 
  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 
  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Add the following line to end of ModLoad/MODULES section;
+
2b. Add the following line to end of ModLoad/MODULES section to enable the desired server mode
 +
UDP:
 
  # UDP server module
 
  # UDP server module
 
  $ModLoad imudp
 
  $ModLoad imudp
 
  # enable UDP server and port
 
  # enable UDP server and port
 
  $UDPServerRun 514
 
  $UDPServerRun 514
Add the following line to the beginning of the logging/RULES section (before #kern.* line);
+
OR TCP:
 +
# TCP server module
 +
$ModLoad imtcp                                                                 
 +
# enable TCP server and port
 +
$InputTCPServerRun 514                                                         
 +
2c. Add the following line to the beginning of the logging/RULES section (before #kern.* line);
 
  # log all to mySql
 
  # log all to mySql
 
  *.*      :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA
 
  *.*      :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA

Revision as of 16:41, 22 May 2017

1. Save original version of rsyslog.conf
Note: do not overwrite if rsyslog.conf-original already exists, it should already be there from the company image, so this step is normally skipped

# cp -p /etc/rsyslog.conf /etc/rsyslog.conf-original

2. Update /etc/rsyslog.conf
2a. Make sure the following is enabled/uncommented

# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

2b. Add the following line to end of ModLoad/MODULES section to enable the desired server mode

UDP:
# UDP server module
$ModLoad imudp
# enable UDP server and port
$UDPServerRun 514
OR TCP:
# TCP server module
$ModLoad imtcp                                                                  
# enable TCP server and port
$InputTCPServerRun 514                                                          

2c. Add the following line to the beginning of the logging/RULES section (before #kern.* line);

# log all to mySql
*.*       :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA

3. Restart rsyslog service

ENT 7
# systemctl start rsyslog
BEFORE Ent 7
# service rsyslog restart