Syslog Server Configuration

Basic Syslog Server Configuration

In rsyslogd, different types of modules can be used:
■ Input modules: These are modules that have a name starting with im. Input
modules are used to specify from where rsyslogd will receive messages.
■ Output modules: These are modules that have a name starting with om. By
default, log messages are sent to the destinations as specified in /etc/rsyslog.
conf. By using output modules, messages can be sent elsewhere, like to a database or to the journal.
■ Other module types: Different other module types exist, such as parser modules, message modification modules, and more.

For more information download rsyslog-doc.

[root@rhce 07]# yum install rsyslog-doc

Minimal Configuration of Syslog Server :

#/etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

$template DynFile, "/var/log/serverlogs/%$YEAR%/%$MONTH%/%HOSTNAME%.log"
*.* ?DynFile

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

Rsyslog can also send logs to the mysql database.  For this we need to import ommysql modules.

Sample configuration.
$ModLoad ommysql
*.* :ommysql:dbhost,dbname,dbuser,dbpassword

For more information about the rsyslog configuration, please visit gentoo.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.