On Tue, Mar 10, 2009 at 04:28, jack marrow <jackmarrow2@gmail.com> wrote:
> 2009/3/10 Rainer Gerhards <rgerhards@hq.adiscon.com>:
>> Please post configs and elaborate a bit more about what you are trying
>> to accomplish and what you have set up.
>
> I am evaluating rsyslog at the moment.
>
> I would like to know if I can use it for log collection on the client
> for writing on the server. The server must know which log file is
> which.
This is more a "basic understanding of logging" question than one
specific to rsyslog. Generally speaking, log daemons just log what
client apps tell them to - httpd says, "I'm facility 6 and <foo> is my
critical message". If the local log daemon is sending logs upstream,
it will basically tell the upstream server "I'm myhostname and httpd
(facility 6) just said <foo> with a critical priority". If all your
daemons (httpd, vsftpd, etc.) log directly to the local syslog as
opposed to a flat file, things should "just work".
However, if you're configuring your "client" syslog instance to follow
/var/log/httpd/access and retransmit that data to an upstream server,
all that metadata (application name, facility, priority, etc) is lost.
Hence, you must configure your client syslog to inject that data -
with rsyslog, that would be done something like this:
$ModLoad imfile.so
$InputFileName /var/log/httpd/access
$InputFileTag http_access
$InputFilePollIntervalSeconds 5
$InputFileMonitor
*.* @192.168.1.1
That sets up a monitor that polls /var/log/httpd/access every 5
seconds, prepends "http_access" to every line, and sends it via UDP to
192.168.1.1.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com