Hi, Thanks a lot for your reply. I've made some changes in the client rsyslog.conf file related to imfile. Now i'm not getting any compilation errors.
Server and client installed OS - Red Hat Enterprise Linux Server release 6.4 (Santiago), 64 bit
Here is the client configuration file,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++
# cat /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Save yum logs
local3.notice /var/log/yum.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip
ort, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
##################################################################
# This sends all sudo messages to secure log
local2.notice /var/log/secure
##################################################################
# Network logging
##################################################################
# This sends all messages with err level, except auth, to loghost
*.err;auth.none @192.168.56.30
# This sends all security messages to loghost
auth.debug @192.168.56.30
# This sends all sudo messages to loghost
local2.notice @192.168.56.30
##################################################################
*.err;authpriv.none @@192.168.56.30
& ~
# This sends all security messages to loghost
authpriv.* @@192.168.56.30
& ~
# This sends all sudo messages to loghost
local2.notice @@192.168.56.30
& ~
#imfile log forwarding lines below
$InputFileName /var/log/yum.log
$InputFileTag myapp
$InputFileStateFile myapp-file1
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor
$InputFilePollInterval 10
$InputFilePersistStateInterval 1000
# This is to send yum log to loghost, not sure this is required or not.
local3.info @@192.168.56.30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++
Three more doubts,
1> Is it possible to forward a live file to syslog server?
2> Do i need to rotate the logs (log rotate) which i want to forward?
3> The imfile module can be added to /etc/rsyslog.conf or is there any recommendations to put the configuration in a separate file? If yes, how it can be configured as a separate file?
Also there could be some additions need to perform at server end when we need to forward a new log file i believe.
Please see my server configuration file also,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++
# cat /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imfile
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$MainMsgQueueSize 50000
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip
ort, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
#### MODULES ####
$ModLoad imtcp.so
$ModLoad imudp.so
# Provides TCP syslog reception
$Ruleset RSYSLOG_DefaultRuleset
#### GLOBAL DIRECTIVES ####
$MainMsgQueueSize 50000
# Use default timestamp format
$Ruleset log
$template HostAuth, "/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/secure.l
authpriv.* -?HostAuth
$template HostAudit,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/sudo.log
local2.* -?HostAudit
$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages.l
*.err;authpriv.none -?DynFile
$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%DAY%/yum.log
local3.* -?DynFile
$InputTCPServerBindRuleset log
$InputTCPServerRun 514
$InputUDPServerBindRuleset log
$UDPServerRun 514
$Ruleset RSYSLOG_DefaultRuleset
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++
I'm so worried about the below lines,
$template DynFile,"/var/log/syslog/%HOSTNAME%/%$YEAR%/%$MONTH%/%DAY%/yum.log
local3.* -?DynFile
I hope the first line is correct but not sure about "local3.* -?DynFile"
DyneFile can be used for yum.log? or for any log files?
Is there anything more need to do at server and client end? or total configuration for yum.log is incorrect?
This is the first time i'm configuring rsyslog, the goal is i need to forward yum.log file to rsyslog server at the mentioned path in template.
This is the latest file which forwarded from client,
[root@bash_server ~]# cd /var/log/syslog/yumreposerver/2014/10/18/
[root@bash_server 18]# ls
secure.l
Can you please check and guide me to do this?
Thanks // George