Difference between revisions of "RSYSLOG"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 4: | Line 4: | ||
To receive logs from NXFilter for remote parsing, because users be doin' stuff! | To receive logs from NXFilter for remote parsing, because users be doin' stuff! | ||
===Commands=== | ===Commands=== | ||
| − | For me rsyslog was already installed from the minimal install package, just needed to update the config file. In this case I am running on the same server NXFilter is running on. | + | For me rsyslog was already installed from the minimal install package, just needed to update the config file. In this case I am running on the same server NXFilter is running on.<ref>https://www.rsyslog.com/tag/ruleset/</ref> |
*Check that the following entries are set correctly. | *Check that the following entries are set correctly. | ||
/etc/rsyslog.conf | /etc/rsyslog.conf | ||
<pre> | <pre> | ||
| − | + | Ruleset (name="nxfilter") {Action (type="omfile" file="/var/log/nxfiltersys.log")} | |
| − | |||
| − | |||
# Provides UDP syslog reception | # Provides UDP syslog reception | ||
$ModLoad imudp | $ModLoad imudp | ||
$UDPServerRun 514 | $UDPServerRun 514 | ||
| − | + | Input (type="imudp" port="514" ruleset="nxfilter") | |
| + | </pre> | ||
Revision as of 10:02, 3 April 2018
CentOS 7
Purpose
To receive logs from NXFilter for remote parsing, because users be doin' stuff!
Commands
For me rsyslog was already installed from the minimal install package, just needed to update the config file. In this case I am running on the same server NXFilter is running on.[2]
- Check that the following entries are set correctly.
/etc/rsyslog.conf
Ruleset (name="nxfilter") {Action (type="omfile" file="/var/log/nxfiltersys.log")}
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Input (type="imudp" port="514" ruleset="nxfilter")
