LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
Reload this Page Configuring more than one custom file in syslog
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices


Reply
  Search this Thread
Old 11-03-2015, 08:47 AM   #1
carpannav
LQ Newbie
 
Registered: Jul 2013
Posts: 3

Rep: Reputation: Disabled
Configuring more than one custom file in syslog

Hello,

I've been asked to setup syslog to forward custom log files (different from /var/log/*) to a network machine.
After some googling found the solution for one file, using the next paragraph in /etc/rsyslog.conf:

$ModLoad imfile
$InputFileName /var/log/vco/app-server/warning.log
$InputFileTag vco-warning
$InputFileStateFile stat-vco-warning
$InputFileSeverity warning
$InputFileFacility local3
$InputRunFileMonitor
local3.* @@172.17.11.11:514

But if I try to configure another file (like you can see below), the first stops working and only the second one is forwarded.


$InputFileName /var/log/vco/app-server/catalina.out
$InputFileTag vco-catalina
$InputFileStateFile stat-vco-catalina
$InputFileSeverity warning
$InputFileFacility local4
$InputRunFileMonitor
local4.* @@172.17.11.11:514

Does anyone know how to enable forwarding for more than one custom file to a remote syslog?

Thank you so much!
 
Old 11-04-2015, 01:26 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Here's a 'watchfile' I have from my Archived notes.
It forwards 2 files.
Code:
### edit /etc/rsyslog.d/10-watchfile.conf

# apache error.log
$InputFileName /var/log/apache2/error.log
$InputFileTag apache-errors:
$InputFileStateFile state_file_error_apache
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor
$InputFilePollInterval 10

# apache access.log
$InputFileName /var/log/apache2/access.log
$InputFileTag apache-access:
$InputFileStateFile state_file_access_apache
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor
$InputFilePollInterval 10

if $programname == 'apache-access' then @xx.xx.xxx.xxx:514
& stop
if $programname == 'apache-errors' then @xx.xx.xxx.xxx:514
& stop
I abandoned this arrangement in favor of logstash-forwarder.
Hope this is useful for you.
 
1 members found this post helpful.
Old 11-06-2015, 05:32 AM   #3
carpannav
LQ Newbie
 
Registered: Jul 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
It's working now.

I made one mistake. If you put it in the main file it doesn't work. Needs to be in a separate file in /etc/rsyslog.d !!



Thanks Habitual!!!
 
Old 11-06-2015, 08:38 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Rock on. Glad it worked out.
And Welcome to LQ!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
syslog, redirect logging on multiple files with custom name mr.simo Linux - Server 1 05-04-2015 06:29 AM
configuring syslog. manoj.linux Linux - Enterprise 4 01-29-2013 09:46 PM
Configuring syslog dates garyrickert Linux - General 2 09-09-2011 09:11 PM
Configuring syslog and sending file to server alee Linux - Server 10 06-11-2010 03:24 PM
Need assistance for configuring SYSLOG cj_cheema Linux - Server 2 06-15-2008 03:49 PM

LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 02:33 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration