Difference between revisions of "Ubuntu Syslog Server"
m (→Discard) |
m (→Property-Based Filters) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
$UDPServerRun 514 | $UDPServerRun 514 | ||
</pre> | </pre> | ||
| − | opret en folder i /var/log/cisco med '''mkdir -p /var/log/cisco'''<br/><br/> | + | opret en folder i /var/log/cisco med '''mkdir -p /var/log/cisco'''<br/> |
| + | Ændre rettighederne med '''chown syslog:syslog /var/log/cisco'''<br/> | ||
opret en fil der hedder '''/etc/rsyslog.d/99-cisco.conf''' og smid noget indhold i den: | opret en fil der hedder '''/etc/rsyslog.d/99-cisco.conf''' og smid noget indhold i den: | ||
<pre> | <pre> | ||
# Log syslog messages recieved from the network | # Log syslog messages recieved from the network | ||
| − | $template DynFile,"/var/log/cisco/% | + | $template DynFile,"/var/log/cisco/%HOSTNAME%.log" |
:fromhost-ip, isequal, "172.16.4.19" ?DynFile | :fromhost-ip, isequal, "172.16.4.19" ?DynFile | ||
:fromhost-ip, isequal, "172.16.4.19" ~ | :fromhost-ip, isequal, "172.16.4.19" ~ | ||
| Line 35: | Line 36: | ||
Property-based filters are unique to rsyslogd. They allow to | Property-based filters are unique to rsyslogd. They allow to | ||
filter on any property, like HOSTNAME, syslogtag and msg. | filter on any property, like HOSTNAME, syslogtag and msg. | ||
| − | : | + | ;isequal:Compares the "value" string provided and the property contents. These two values must be exactly equal to match. |
| − | |||
| − | equal to match. | ||
=Cisco config= | =Cisco config= | ||
Latest revision as of 17:29, 14 March 2013
Contents
Installation
Installer rsyslog med
aptitude install rsyslog -y
Configuration
Tillad UDP syslog pakker at komme ind til maskinen. Normalt er syslog kun sat op til interne log beskeder.
# provides UDP syslog reception $ModLoad imudp $UDPServerRun 514
opret en folder i /var/log/cisco med mkdir -p /var/log/cisco
Ændre rettighederne med chown syslog:syslog /var/log/cisco
opret en fil der hedder /etc/rsyslog.d/99-cisco.conf og smid noget indhold i den:
# Log syslog messages recieved from the network $template DynFile,"/var/log/cisco/%HOSTNAME%.log" :fromhost-ip, isequal, "172.16.4.19" ?DynFile :fromhost-ip, isequal, "172.16.4.19" ~
reload rsyslog med service rsyslog reload
Config forklaring
Discard
If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you
want to filter out some annoying messages that otherwise would
fill your log files. To do that, place the discard actions early
in your log files. This often plays well with property-based
filters, giving you great freedom in specifying what you do not
want.
Discard is just the single tilde character with no further
parameters.
Example:
- .* ~ # discards everything.
Property-Based Filters
Property-based filters are unique to rsyslogd. They allow to filter on any property, like HOSTNAME, syslogtag and msg.
- isequal
- Compares the "value" string provided and the property contents. These two values must be exactly equal to match.
Cisco config
logging nms.domain.com logging trap 5 logging source-interface fa0/1