Syslog configuration in Redhat linux
I have configured syslog server in Redhat linux but now i want to create a separate file for each client who are sending logs to syslog server.
Please suggest if it is possible. |
Rsyslogd (see the documentation or the rsyslogd web site wrt templates) and syslog-ng are capable of doing that but the "traditional" syslog daemon isn't.
So until you clarify which one you use the answer is "it depends" ;-p |
Thanks Mate.
I am trying to configure centralized logging for VMware ESX servers on RHEL5 but facing issue in log filtering. Logs are coming to single file only. Suppose log pattern of VMWare logs are: - 2013-02-06T17:05:35.360Z station1 vmkwarning: cpu8:2196)WARNING: NMP: vmk_NmpSatpIssueTUR:1018:Device naa.60060e80164cd50000014cd50000a210 path vmhba1:C0:T0:L16 has been unmapped from the array 2013-02-06T17:05:35.360Z station1 vmkernel: cpu8:2196)WARNING: NMP: vmk_NmpSatpIssueTUR:1018:Device naa.60060e80164cd50000014cd50000a210 path vmhba1:C0:T0:L16 has been unmapped from the array 2013-02-06T17:05:35.360Z station1 vmkwarning: cpu2:4914516)WARNING: NMP: vmk_NmpSatpIssueTUR:1018:Device naa.60060e80164cd50000014cd50000a211 path vmhba1:C0:T0:L17 has been unmapped from the array 2013-02-06T17:05:35.360Z station1 vmkernel: cpu2:4914516)WARNING: NMP: vmk_NmpSatpIssueTUR:1018:Device naa.60060e80164cd50000014cd50000a211 path vmhba1:C0:T0:L17 has been unmapped from the array 2013-02-06T17:01:07.862Z station2 Vpxa: [FFF05B90 verbose 'Default'] Set internal stats for VM: 4 (vpxa VM id), 36757 (vpxd VM id). Is FT primary? 0 2013-02-06T17:01:07.863Z station2 Vpxa: [FFF05B90 verbose 'Default'] Set internal stats for VM: 6 (vpxa VM id), 57881 (vpxd VM id). Is FT primary? 0 2013-02-07T01:42:30.200Z station2 Hostd: [63962B90 verbose 'SoapAdapter'] Responded to service state request 2013-02-07T01:42:42.627Z station2 Hostd: [63E5FB90 verbose 'DvsManager'] PersistAllDvsInfo called 2013-02-07T01:42:42.935Z station3 Hostd: [63921B90 verbose 'DvsTracker'] FetchSwitches: added 2 items Here i want to create different file for each filter i.e. Hostd: vmkwarning: vmkernel: Vpxa: MY syslog configuration for remote loging is Quote:
|
Quote:
|
Actually i have not done anything to fix the issue. Just i am seeking information if someone can help me to solve my issue by suggesting parameter in my current configuration.
Currently logging is happening successfully but i want to differentiate the logs on the basis of client logs content. Please suggest if it is possible in my rsyslog configuration |
Prohibit messages from hitting the next filter with "& ~". Please confirm if that works. If it doesn't then 0) check your system logs for clues, 1) run a check (see 'man rsyslog.conf' for "-d" and "-N") and 2) post debug output and your complete /etc/rsyslog.conf and /etc/rsyslog.d/ contents.
|
Please find the rsyslog.conf
Quote:
Quote:
and debug output Quote:
|
Thanks for giving me hint and finally got the solution.
Just little change i need to perform on rsyslog.conf. My configuration file is Quote:
|
All times are GMT -5. The time now is 12:56 PM. |