Mailing List Archive: rsyslog configuration (remote loging, tls, log level)

rsyslog configuration (remote loging, tls, log level)

Oct 30, 2019, 4:05 AM

Post #1 of 4 (317 views)

Hi,
I would like to ask you about few things:

1. Config
I got something like this on client:

module(load="imuxsock") # provides support for local system logging
module(load="imklog")

global(
DefaultNetstreamDriver="ossl"
DefaultNetstreamDriverCAFile="/tmp/certs/ca.pem"
DefaultNetstreamDriverCertFile="/tmp/certs/cert.pem"
DefaultNetstreamDriverKeyFile="/tmp/certs/key.pem"
)

$template TraditionalFormat,"%timegenerated% %HOSTNAME%
%syslogtag%%syslogpriority-text%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on

action(
template="TraditionalFormat"
type="omfwd"
Target="192.168.1.10"
Protocol="tcp"
Port="6514"
StreamDriver="ossl"
StreamDriverMode="1"
StreamDriverAuthMode="x509/certvalid"
)

Remote loging is working but I would like to define log level of sending
logs to server.
Ex. I want to my client send only error messages.
What should I add to this config?

2. Is any possibility to change log level or remote target without restart
whole rsyslog service?

--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Re: rsyslog configuration (remote loging, tls, log level) [ In reply to ]

rsyslog at lists

Oct 30, 2019, 4:07 AM

Post #2 of 4 (317 views)

Permalink

you can use any filter before the action, e.g.

local7.* action(...)

A config change requires a restart. There are good reasons for it.
Could be changed, but would be very much work (for which nobody has
time).

HTH, if not pls ask again.

Rainer

El mié., 30 oct. 2019 a las 12:05, sch via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hi,
> I would like to ask you about few things:
>
> 1. Config
> I got something like this on client:
>
> module(load="imuxsock") # provides support for local system logging
> module(load="imklog")
>
> global(
> DefaultNetstreamDriver="ossl"
> DefaultNetstreamDriverCAFile="/tmp/certs/ca.pem"
> DefaultNetstreamDriverCertFile="/tmp/certs/cert.pem"
> DefaultNetstreamDriverKeyFile="/tmp/certs/key.pem"
> )
>
> $template TraditionalFormat,"%timegenerated% %HOSTNAME%
> %syslogtag%%syslogpriority-text%%msg:::drop-last-lf%\n"
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> $RepeatedMsgReduction on
>
> action(
> template="TraditionalFormat"
> type="omfwd"
> Target="192.168.1.10"
> Protocol="tcp"
> Port="6514"
> StreamDriver="ossl"
> StreamDriverMode="1"
> StreamDriverAuthMode="x509/certvalid"
> )
>
> Remote loging is working but I would like to define log level of sending
> logs to server.
> Ex. I want to my client send only error messages.
> What should I add to this config?
>
>
> 2. Is any possibility to change log level or remote target without restart
> whole rsyslog service?
>
>
>
> --
> Sent from: http://rsyslog-users.1305293.n2.nabble.com/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Re: rsyslog configuration (remote loging, tls, log level) [ In reply to ]

rsyslog at lists

Oct 30, 2019, 8:28 AM

Post #3 of 4 (317 views)

Permalink

Thanks a lot Rainer for quick response.

1. This filter works! Thanks!

2. Ok, I understand it's not possible to load new config without restart
service.
What about having 2 instances of rsyslogd?
Is it possible?

First one to catch logs on machine and store them in files, with simple cfg
like:

module(load="imuxsock") # provides support for local system logging
module(load="imklog")
$template TraditionalFormat,"%timegenerated% %HOSTNAME%
%syslogtag%%syslogpriority-text%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
*.* /var/log/all.log;TraditionalFormat

And second one to remote logging with cfg like I mentioned in first post.
Is this gonna work fine?

3. I saw sometines at end of logs appears '#012' it's caused probably by
'\n' sign. Can I do something with it?

Regards
Sebastian

--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Re: rsyslog configuration (remote loging, tls, log level) [ In reply to ]

rsyslog at lists

Oct 30, 2019, 10:42 AM

Post #4 of 4 (317 views)

Permalink

It's trivial to have multiple instances of rsyslogd but you have to be
very specific about who gets what inputs, and be careful that the
instances do not collide. We have many rsyslogd instances per system.
Each has a specific input (high port listener), transformation pipeline,
output set, and telemetry stream to accomplish a single purpose. They
do not have to run as root, and can be defined as individual system
services. This makes control of each totally independent of the others.

Regards,

On 10/30/19 10:28 AM, sch via rsyslog wrote:
> Thanks a lot Rainer for quick response.
>
> 1. This filter works! Thanks!
>
> 2. Ok, I understand it's not possible to load new config without restart
> service.
> What about having 2 instances of rsyslogd?
> Is it possible?
>
> First one to catch logs on machine and store them in files, with simple cfg
> like:
>
> module(load="imuxsock") # provides support for local system logging
> module(load="imklog")
> $template TraditionalFormat,"%timegenerated% %HOSTNAME%
> %syslogtag%%syslogpriority-text%%msg:::drop-last-lf%\n"
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> $RepeatedMsgReduction on
> *.* /var/log/all.log;TraditionalFormat
>
> And second one to remote logging with cfg like I mentioned in first post.
> Is this gonna work fine?
>
> 3. I saw sometines at end of logs appears '#012' it's caused probably by
> '\n' sign. Can I do something with it?
>
> Regards
> Sebastian
>
>
>
> --
> Sent from: http://rsyslog-users.1305293.n2.nabble.com/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.