Solved

rsyslog - messages file ONLY local logs

Posted on 2011-03-17
4
1,145 Views
Last Modified: 2012-05-11
I have set up a remote syslog server on rhel5.  It is working great, but here is the one thing that bothers me.


it seems rsyslog created a directory for the local machine in /var/log/rsyslog and it writing the local machines logs there while /var/log/messages gets all the logs from every client.

Is there a way to keep the local logs in /var/log/messages and NOT all the clients?

BTW, all the cisco clients get their own directory in /var/log/rsyslog as well.

Hope I explained this right, I am rushing.
0
Comment
Question by:savone
  • 2
  • 2
4 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 35163179
Can you post your current config file:
/etc/rsyslog.conf
0
 
LVL 23

Author Comment

by:savone
ID: 35164494
here is my current config file:


# cat /etc/rsyslog.conf
$ModLoad imuxsock.so      # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)

$ModLoad imudp.so
$UDPServerAddress 10.0.0.4
$UDPServerRun 514
$ModLoad imtcp.so  
$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$template DynaFile,"/var/log/rsyslog/%HOSTNAME%/%HOSTNAME%_%$MONTH%-%$DAY%-%$YEAR%.log"

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

authpriv.*                                              /var/log/secure

mail.*                                                  -/var/log/maillog

cron.*                                                  /var/log/cron

*.emerg                                                 *

uucp,news.crit                                          /var/log/spooler

local7.*                                                /var/log/boot.log

*.* -?DynaFile
0
 
LVL 16

Accepted Solution

by:
Blaz earned 500 total points
ID: 35164867
Your messagess are written twice - once to local (root) logs and once to subfolder log. For logging only local messages to root logs try the following code.

You must use property-based filters:
http://www.rsyslog.com/doc/rsyslog_conf_filter.html

Note:
- only the last part of your configuration is repeated here
- that the order of the rules is important and "127.0.0.1" should be replaced with whatever your hostname is (what is the name of the subfolder in /var/log/rsyslog/ that contains your localhost messages).
- the ! negates the isequal comparison
- ~ ends the processing of rules for matched syslog events

So all messages are writen to the %HOSTNAME% subfolder. Then all events that do NOT match localhost stop processing. Localhost messages procede with additional rules.
$template DynaFile,"/var/log/rsyslog/%HOSTNAME%/%HOSTNAME%_%$MONTH%-%$DAY%-%$YEAR%.log"
*.* -?DynaFile
:HOSTNAME, !isequal, "127.0.0.1" ~
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

Open in new window

0
 
LVL 23

Author Closing Comment

by:savone
ID: 35165754
THANKS! Great answer and the explanation is VERY much appreciated.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now