Old 02-16-2011, 10:41 AM   #1
rytec
Member
 
Registered: Mar 2009
Location: Belgium
Distribution: Ubuntu server 12.04 LTS / Raspbian Wheezy
Posts: 64

Rep: Reputation: 7
How to create a separate logfile for host sending logging to rsyslog


After struggling and googling on the internet I can't get it to work.
I have set up rsyslog to receive the logging from my firewall and it puts it into the syslog file.
But I would like to have a separate logfile for these messages.

I have created the firewall.log file with owner syslog, same as for the syslog file.

I already have tried to use in the /etc/rsyslog.d/10-firewall.conf the following :
:msg, contains, "firewalld" /var/log/firewall.log
or
:msg, contains, "firewalld" -/var/log/firewall.log
I don't know the difference the "-" sign makes in the lines, but I have also seen those kinds of situations.

I have also put this line into the 50-default.conf file because I thought it wasn't seeing the 10-firewall.conf file, but it doesn't work.

I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file, but that doesn't work either.

In the firewall I can see the Syslog facility is now on LOG_LOCAL0 and I can change it from LOCAL0, LOCAL1, LOCAL2, ... until LOCAL7
What do these different numbers mean?

Where does it go wrong ?

Last edited by rytec; 02-16-2011 at 10:53 AM. Reason: extra information
 
Old 02-16-2011, 12:17 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by rytec View Post
Where does it go wrong ?
Most fundamental question. I'd say reading: 'man 3 syslog' (facility: LOG_LOCAL); 'man syslog.conf' (dash usage), less /usr/share/doc/rsyslog/* and this Rsyslog wiki entry on separating logs: http://wiki.rsyslog.com/index.php/Sy...amic_directory


Quote:
Originally Posted by rytec View Post
I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file but neither it works.
Did you add a line below your template redirecting messages from remote hosts to your template?
If unsure just post output from 'grep -v ^# /etc/rsyslog.conf|grep .;'.
 
Old 02-16-2011, 02:04 PM   #3
rytec
Member
 
Registered: Mar 2009
Location: Belgium
Distribution: Ubuntu server 12.04 LTS / Raspbian Wheezy
Posts: 64

Original Poster
Rep: Reputation: 7
Quote:
Originally Posted by unSpawn View Post
Did you add a line below your template redirecting messages from remote hosts to your template?
If unsure just post output from 'grep -v ^# /etc/rsyslog.conf|grep .;'.
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$KLogPath /proc/kmsg
$ModLoad imudp
$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
$IncludeConfig /etc/rsyslog.d/*.conf
$template HostMessages, "/var/log/%HOSTNAME%/logfile.log"
 
Old 02-16-2011, 02:52 PM   #4
rytec
Member
 
Registered: Mar 2009
Location: Belgium
Distribution: Ubuntu server 12.04 LTS / Raspbian Wheezy
Posts: 64

Original Poster
Rep: Reputation: 7
Quote:
Originally Posted by unSpawn
Most fundamental question. I'd say reading: 'man 3 syslog' (facility: LOG_LOCAL); 'man syslog.conf' (dash usage), less /usr/share/doc/rsyslog/* and this Rsyslog wiki entry on separating logs: http://wiki.rsyslog.com/index.php/Sy...amic_directory

YESS!! Thanks for these links, after reading I discovered some other property replacers to use in /etc/rsyslog.d/10-firewall.conf

:fromhost-ip, contains, "ip.address.from.firewall" /var/log/firewall.log

And I have enabled logrotation for this file.

Thanks!
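
The two approaches discussed in this thread, written out as an added example that is not from either poster's configuration. It uses the legacy rsyslog syntax seen above; 192.0.2.1, the template name PerHostFile and the directory /var/log/remote are placeholders.

```conf
# /etc/rsyslog.d/10-firewall.conf  (added example, placeholder values)

# --- Option A: one fixed file for the firewall -----------------------------
# "isequal" compares the whole address. "contains" is a substring match, so
# a filter on 192.0.2.1 would also match 192.0.2.10 or 192.0.2.100.
# A leading "-" before the path (-/var/log/firewall.log) only tells rsyslog
# not to sync the file after every write; it does not change what is matched.
:fromhost-ip, isequal, "192.0.2.1"    /var/log/firewall.log
# "&" attaches another action to the filter above, "~" discards the message.
# Files in rsyslog.d are read in name order, so this keeps firewall lines
# out of the rules in 50-default.conf (and therefore out of syslog).
& ~

# --- Option B: one directory per sending host ------------------------------
# A $template line only defines a name. Nothing is written until an action
# refers to it with "?", which is the line missing from the posted
# rsyslog.conf.
#
# %fromhost-ip% is the address rsyslog saw on the socket. %HOSTNAME% is
# copied from the message itself, so over UDP 514 the sender chooses it.
# If %HOSTNAME% is wanted in a path anyway, the secpath-replace option
# turns "/" into "_":   %HOSTNAME:::secpath-replace%
$template PerHostFile,"/var/log/remote/%fromhost-ip%/logfile.log"

# Local messages carry 127.0.0.1 as fromhost-ip, so this selects remote
# senders only.
:fromhost-ip, !isequal, "127.0.0.1"   ?PerHostFile
& ~

# /var/log/remote has to be writable by the user rsyslog drops to
# ($PrivDropToUser syslog in the configuration posted above), otherwise
# the per-host directories cannot be created.
```

Use either option, not both in the same file: with Option A's discard in place, firewall messages never reach Option B.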
 
Old 02-17-2011, 12:03 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Great and thanks for marking the thread "solved".

Last edited by unSpawn; 02-17-2011 at 12:08 PM.
 
All times are GMT -5. The time now is 12:29 PM.