Hi Pratik Rana
Have you tried linking the same ones together and then stopping execution
like so:
authpriv.* /var/log/secure
& @@172.17.XXX.XXX:11514
& @@10.237.XXX.XXX:11514
& stop
mail.* -/var/log/maillog
& @@172.17.XXX.XXX:11514
& @@10.237.XXX.XXX:11514
& stop
.......
......
....
and so on for all the facilities you are interested in.
Best,
Cyril
--
Universit?t Z?rich
Cyril Stoll
Zentrale Informatik
Stampfenbachstrasse 73
CH-8006 Z?rich
Tel. +41 44 63 5 22 93
www.zi.uzh.ch
Von: "PRATIK RANA via rsyslog" <rsyslog@lists.adiscon.com>
An: rsyslog@lists.adiscon.com
Kopie: "PRATIK RANA" <pratik.capricon23@gmail.com>
Datum: 18/08/2020 08:47
Betreff: [rsyslog] Local logging gets disabled when the connection to
syslog server breaks.
Gesendet von: "rsyslog" <rsyslog-bounces@lists.adiscon.com>
Hi all,
I have two syslog servers at different sites which are receiving logs from
client nodes configured on various sites. All of my client nodes are
configured to send logs to both of these syslog servers. But whenever my
client node gets disconnected to any one of the server node, then the
rsyslog service stops the local logging of the system(i.e is logging into
/var/log/messages etc.) as well.
Here is the rsyslog.conf configuration for my client nodes:
$ModLoad imfile
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none
@@172.17. XXX.XXX :11514
authpriv.* @@172.17. XXX.XXX :11514
auth.* /var/log/audit/audit.log
auth.* @@172.17. XXX.XXX :11514
kern.* @@172.17. XXX.XXX :11514
mail.* @@172.17. XXX.XXX :11514
cron.* @@172.17. XXX.XXX :11514
local7.* @@172.17. XXX.XXX :11514
*.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none
@@10.237. XXX.XXX :11514
authpriv.* @@10.237.XXX.XXX:11514
auth.* @@10.237. XXX.XXX :11514
kern.* @@10.237. XXX.XXX :11514
mail.* @@10.237. XXX.XXX :11514
cron.* @@10.237. XXX.XXX :11514
local7.* @@10.237. XXX.XXX :11514
$FileCreateMode 0640
--
Regards,
*PRATIK RANA*
*Software Engineer*
*NEC Technologies India*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
Have you tried linking the same ones together and then stopping execution
like so:
authpriv.* /var/log/secure
& @@172.17.XXX.XXX:11514
& @@10.237.XXX.XXX:11514
& stop
mail.* -/var/log/maillog
& @@172.17.XXX.XXX:11514
& @@10.237.XXX.XXX:11514
& stop
.......
......
....
and so on for all the facilities you are interested in.
Best,
Cyril
--
Universit?t Z?rich
Cyril Stoll
Zentrale Informatik
Stampfenbachstrasse 73
CH-8006 Z?rich
Tel. +41 44 63 5 22 93
www.zi.uzh.ch
Von: "PRATIK RANA via rsyslog" <rsyslog@lists.adiscon.com>
An: rsyslog@lists.adiscon.com
Kopie: "PRATIK RANA" <pratik.capricon23@gmail.com>
Datum: 18/08/2020 08:47
Betreff: [rsyslog] Local logging gets disabled when the connection to
syslog server breaks.
Gesendet von: "rsyslog" <rsyslog-bounces@lists.adiscon.com>
Hi all,
I have two syslog servers at different sites which are receiving logs from
client nodes configured on various sites. All of my client nodes are
configured to send logs to both of these syslog servers. But whenever my
client node gets disconnected to any one of the server node, then the
rsyslog service stops the local logging of the system(i.e is logging into
/var/log/messages etc.) as well.
Here is the rsyslog.conf configuration for my client nodes:
$ModLoad imfile
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imjournal # provides access to the systemd journal
$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none
@@172.17. XXX.XXX :11514
authpriv.* @@172.17. XXX.XXX :11514
auth.* /var/log/audit/audit.log
auth.* @@172.17. XXX.XXX :11514
kern.* @@172.17. XXX.XXX :11514
mail.* @@172.17. XXX.XXX :11514
cron.* @@172.17. XXX.XXX :11514
local7.* @@172.17. XXX.XXX :11514
*.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none
@@10.237. XXX.XXX :11514
authpriv.* @@10.237.XXX.XXX:11514
auth.* @@10.237. XXX.XXX :11514
kern.* @@10.237. XXX.XXX :11514
mail.* @@10.237. XXX.XXX :11514
cron.* @@10.237. XXX.XXX :11514
local7.* @@10.237. XXX.XXX :11514
$FileCreateMode 0640
--
Regards,
*PRATIK RANA*
*Software Engineer*
*NEC Technologies India*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.