Syslog Server Configuration
Contents
Basic Syslog Server Configuration In rsyslogd, different types of modules can be used:
- Input modules: These are modules that have a name starting with im. Input
modules are used to specify from where rsyslogd will receive messages. - Output modules: These are modules that have a name starting with om. By
default, log messages are sent to the destinations as specified in /etc/rsyslog.
conf. By using output modules, messages can be sent elsewhere, like to a database or to the journal. - Other module types: Different other module types exist, such as parser modules, message modification modules, and more. For more information download rsyslog-doc.
[root@rhce 07]# yum install rsyslog-doc
Minimal Configuration of Syslog Server :
#/etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$template DynFile, "/var/log/serverlogs/%$YEAR%/%$MONTH%/%HOSTNAME%.log"
*.* ?DynFile
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
Rsyslog can also send logs to the mysql database. For this we need to import ommysql modules.
Sample configuration.
$ModLoad ommysql
*.* :ommysql:dbhost,dbname,dbuser,dbpassword
For more information about the rsyslog configuration, please visit gentoo .