Difference between revisions of "Ubuntu Syslog Server"
m (→Discard) |
m (→Discard) |
||
| Line 23: | Line 23: | ||
===Discard=== | ===Discard=== | ||
If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you | If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you | ||
| − | + | want to filter out some annoying messages that otherwise would | |
| − | + | fill your log files. To do that, place the discard actions early | |
| − | + | in your log files. This often plays well with property-based | |
| − | + | filters, giving you great freedom in specifying what you do not | |
| − | + | want. | |
| − | + | Discard is just the single tilde character with no further | |
| − | + | parameters.<br/><br/> | |
| − | + | '''Example:''' | |
| − | |||
| − | |||
*.* ~ # discards everything. | *.* ~ # discards everything. | ||
Revision as of 17:18, 14 March 2013
Installation
Installer rsyslog med
aptitude install rsyslog -y
Configuration
Tillad UDP syslog pakker at komme ind til maskinen. Normalt er syslog kun sat op til interne log beskeder.
# provides UDP syslog reception $ModLoad imudp $UDPServerRun 514
opret en folder i /var/log/cisco med mkdir -p /var/log/cisco
opret en fil der hedder /etc/rsyslog.d/99-cisco.conf og smid noget indhold i den:
# Log syslog messages recieved from the network $template DynFile,"/var/log/cisco/%$year%%$month%%$day%.log" :fromhost-ip, isequal, "172.16.4.19" ?DynFile :fromhost-ip, isequal, "172.16.4.19" ~
reload rsyslog med service rsyslog reload
Config forklaring
Discard
If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you
want to filter out some annoying messages that otherwise would
fill your log files. To do that, place the discard actions early
in your log files. This often plays well with property-based
filters, giving you great freedom in specifying what you do not
want.
Discard is just the single tilde character with no further
parameters.
Example:
*.* ~ # discards everything.
Cisco config
logging nms.domain.com logging trap 5 logging source-interface fa0/1