LinuxQuestions.org
Old 12-07-2015, 10:57 AM   #1
immolation
LQ Newbie
 
Registered: Jun 2013
Posts: 11

Rep: Reputation: Disabled
Rsyslog.conf To Monitor Log File and Send to Remote Server


Hello! I have configured rsyslog.conf to send to a remote server (Splunk) and, I believe, to monitor a log file. I can successfully send a test message with logger, and Splunk displays all of the "Connection from UDP" messages from the server. However, lines from the log file listed are not displayed.

rsyslog.conf:
Code:
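# Template "msgonly": PRI header plus characters 2-2048 of the message text
$template msgonly,"<%PRI%>%msg:2:2048%"
# Local socket (/dev/log, used by logger) and kernel log inputs
$ModLoad imuxsock
$ModLoad imklog

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf

# A single @ forwards over UDP
*.err;mail.none;authpriv.none;cron.none           @rloghost
authpriv.*                                        /var/log/secure
mail.*                                            -/var/log/maillog
cron.*                                            /var/log/cron
*.emerg                                           *
uucp,news.crit                                    /var/log/spooler

# Monitor /var/log/messages with imfile; lines read from it are tagged
# messages-log and logged as local1.info
$ModLoad imfile
$InputFileName /var/log/messages
$InputFileTag messages-log
$InputFileStateFile stat-messages-log
$InputFileSeverity info
$InputFileFacility local1
$InputRunFileMonitor
# Forward everything to Splunk over UDP port 514
*.* @<Splunk IP>:514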
Generally I would try to do this with a Splunk Forwarder and inputs.conf, but I'd like to get it working with rsyslog for this environment. Let me know if any additional information would be beneficial and thank you!
 
Old 12-07-2015, 02:09 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
http://www.linuxquestions.org/questi...og-4175557863/
Post 2 is the what.
Post 3 is the where.

Last edited by Habitual; 12-07-2015 at 05:33 PM.
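
The setup from the first post written in rsyslog's newer RainerScript syntax, as an added example that is not from the thread or from the rsyslog project. It assumes rsyslog v8; 192.0.2.10 is a placeholder for the Splunk address, and the ruleset name fwd_splunk and the work directory path are hypothetical. Binding the file input to its own ruleset means the lines read from the file are only forwarded and never pass through the local file rules.

```conf
# Added example, not the poster's configuration. Assumes rsyslog v8.

# Directory where imfile keeps its state files (the read position for
# each monitored file). The path is an assumption; it must exist and be
# writable by rsyslogd.
global(workDirectory="/var/lib/rsyslog")

# File input module.
module(load="imfile")

# Dedicated ruleset: messages that enter here are only forwarded.
# It is defined before the input that refers to it.
ruleset(name="fwd_splunk") {
    action(type="omfwd"
           Target="192.0.2.10"   # placeholder for <Splunk IP>
           Port="514"
           Protocol="udp")
}

# Monitor the file from the first post with the same tag, severity and
# facility. Ruleset= binds this input to fwd_splunk, so its lines bypass
# the default ruleset and cannot be written back into a local log file.
input(type="imfile"
      File="/var/log/messages"
      Tag="messages-log"
      Severity="info"
      Facility="local1"
      Ruleset="fwd_splunk")
```

Running `rsyslogd -N1` checks the configuration for errors without starting the daemon.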
 
  


All times are GMT -5.
