Difference between revisions of "Rsyslog Server"
From The Linux Source
(Created page with "1. Save original version of rsyslog.conf<br> Note: do not overwrite if rsyslog.conf-original already exists, it should already be there from the company image, so this step is...") |
|||
| Line 4: | Line 4: | ||
2. Update /etc/rsyslog.conf<br> | 2. Update /etc/rsyslog.conf<br> | ||
| − | Make sure the following is enabled/uncommented | + | 2a. Make sure the following is enabled/uncommented |
# Use traditional timestamp format | # Use traditional timestamp format | ||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat | $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat | ||
| − | Add the following line to end of ModLoad/MODULES section | + | 2b. Add the following line to end of ModLoad/MODULES section to enable the desired server mode |
| + | UDP: | ||
# UDP server module | # UDP server module | ||
$ModLoad imudp | $ModLoad imudp | ||
# enable UDP server and port | # enable UDP server and port | ||
$UDPServerRun 514 | $UDPServerRun 514 | ||
| − | Add the following line to the beginning of the logging/RULES section (before #kern.* line); | + | OR TCP: |
| + | # TCP server module | ||
| + | $ModLoad imtcp | ||
| + | # enable TCP server and port | ||
| + | $InputTCPServerRun 514 | ||
| + | 2c. Add the following line to the beginning of the logging/RULES section (before #kern.* line); | ||
# log all to mySql | # log all to mySql | ||
*.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA | *.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA | ||
Revision as of 15:41, 22 May 2017
1. Save original version of rsyslog.conf
Note: do not overwrite if rsyslog.conf-original already exists, it should already be there from the company image, so this step is normally skipped
# cp -p /etc/rsyslog.conf /etc/rsyslog.conf-original
2. Update /etc/rsyslog.conf
2a. Make sure the following is enabled/uncommented
# Use traditional timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
2b. Add the following line to end of ModLoad/MODULES section to enable the desired server mode
UDP: # UDP server module $ModLoad imudp # enable UDP server and port $UDPServerRun 514 OR TCP: # TCP server module $ModLoad imtcp # enable TCP server and port $InputTCPServerRun 514
2c. Add the following line to the beginning of the logging/RULES section (before #kern.* line);
# log all to mySql *.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA
3. Restart rsyslog service
ENT 7 # systemctl start rsyslog BEFORE Ent 7 # service rsyslog restart
