Difference between revisions of "Ubuntu Syslog Server"
Revision as of 17:20, 14 March 2013
Installation
Install rsyslog with
aptitude install rsyslog -y
Configuration
Allow UDP syslog packets to reach the machine. Normally syslog is only set up for internal log messages.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Create the directory /var/log/cisco with mkdir -p /var/log/cisco
Create a file called /etc/rsyslog.d/99-cisco.conf and put some content in it:
# Log syslog messages received from the network
$template DynFile,"/var/log/cisco/%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "172.16.4.19" ?DynFile
:fromhost-ip, isequal, "172.16.4.19" ~
Reload rsyslog with service rsyslog reload
Config explanation
Discard
If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you
want to filter out some annoying messages that otherwise would
fill your log files. To do that, place the discard actions early
in your log files. This often plays well with property-based
filters, giving you great freedom in specifying what you do not
want.
Discard is just the single tilde character with no further
parameters.
Example:
*.* ~ # discards everything.
Property-Based Filters
Property-based filters are unique to rsyslogd. They allow filtering on any property, like HOSTNAME, syslogtag and msg.
- isequal
- Compares the "value" string provided and the property contents. These two values must be exactly equal to match.
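The discard and isequal behaviour described above, as an added example that is not part of the original page and not rsyslog code: a small Python model of how the two rules in 99-cisco.conf interact with rule order. It assumes rules run in config file name order, reduces Ubuntu's 50-default.conf to one catch-all rule writing /var/log/syslog, and uses the hypothetical file name 10-cisco.conf for comparison.

```python
from datetime import datetime

# Simplified model, not rsyslog itself. A rule is (config file, filter, action).
# filter: None matches everything (like *.*) or (property, "isequal", value).
# action: a file path, "?Template" for a dynamic file, or "~" for discard.
TEMPLATES = {"DynFile": "/var/log/cisco/%$year%%$month%%$day%.log"}
DEFAULT = [("50-default.conf", None, "/var/log/syslog")]  # assumed catch-all rule

def expand(template, when):
    """Expand the date properties used by the page's DynFile template."""
    for prop, fmt in (("%$year%", "%Y"), ("%$month%", "%m"), ("%$day%", "%d")):
        template = template.replace(prop, when.strftime(fmt))
    return template

def matches(flt, msg):
    if flt is None:
        return True
    prop, op, value = flt
    if op != "isequal":
        raise ValueError("only isequal is modelled")
    return msg[prop] == value  # exact equality, no prefix or substring match

def route(rules, msg):
    """Return the files msg is written to; rules run in config file name order."""
    written = []
    for _, flt, action in sorted(rules, key=lambda r: r[0]):
        if not matches(flt, msg):
            continue
        if action == "~":  # discard: no later rule sees the message
            break
        if action.startswith("?"):
            action = expand(TEMPLATES[action[1:]], msg["time"])
        written.append(action)
    return written

def cisco_rules(conf_name):
    """The two rules from the page's 99-cisco.conf, under a chosen file name."""
    flt = ("fromhost-ip", "isequal", "172.16.4.19")
    return [(conf_name, flt, "?DynFile"), (conf_name, flt, "~")]

# Constructed sample messages.
ROUTER = {"fromhost-ip": "172.16.4.19", "time": datetime(2013, 3, 14, 17, 20)}
OTHER = {"fromhost-ip": "172.16.4.190", "time": datetime(2013, 3, 14, 17, 20)}

if __name__ == "__main__":
    for name in ("99-cisco.conf", "10-cisco.conf"):  # second name is hypothetical
        print(name, route(DEFAULT + cisco_rules(name), ROUTER))
    print("other host", route(DEFAULT + cisco_rules("10-cisco.conf"), OTHER))
```

In this model the discard in a 99- file only stops rules that come after it, so the router's messages still reach /var/log/syslog unless the rules sit in a file that sorts before the catch-all.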
Cisco config
logging nms.domain.com
logging trap 5
logging source-interface fa0/1