Hello again, I just installed my new log server and I am configuring to save ALL logs on the log server. On the client side I have rsyslog configured this way: $ cat /etc/rsyslog.conf $ModLoad imuxsock $ModLoad imklog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $RepeatedMsgReduction on $KLogPath /proc/kmsg $WorkDirectory /rsyslog/work $ActionQueueType LinkedList $ActionQueueFileName srvrfwd1 $ActionResumeRetryCount -1 $ActionQueueSaveOnShutdown on *.* @@logserver On the server side I have syslog-ng: source logs_externs{ tcp(); }; destination rdf_all { file("/var/log/extern/${HOST}/${YEAR}/${MONTH}/"); }; log { source(logs_externs); destination(rdf_all); }; I want to get all the logs on the log servers and then archive each month. This way it doesn't work, how I must configure it? Thanks for all your help. Kind regards.
Josu Lazkano <josu.lazkano@barcelonamedia.org> writes:
Hello again, I just installed my new log server and I am configuring to save ALL logs on the log server. [...] destination rdf_all { file("/var/log/extern/${HOST}/${YEAR}/${MONTH}/"); };
You need to specify a file too, not just a directory: destination rdf_all { file ("/var/log/extern/${HOST}/${YEAR}/${MONTH}/messages.log"); }; This will put everything that comes in, into the appropriate directory, into a file called messages.log. If you want to split the files based on priority, facility or whatever else, that's best done on the server side. For that, you might want to look at filters, and possibly multiple destinations. Though, it's not neccessariy. You could - as an example - use a destination like the following: destination d_split { file ("/var/log/extern/${HOST}/${YEAR}/${MONTH}/${FACILITY}.${PRIORITY}.log"); }; The possibilities are endless! -- |8]
participants (2)
-
Gergely Nagy
-
Josu Lazkano