notes:rsyslog
Howto get syslog data from remote hosts split up into separate log files.
# provides UDP syslog reception
module(load="imudp")
#input(type="imudp" port="514")
input(type="imudp"
port="514"
ruleset="writeRemoteDataHosts")
Create a separate file per host
ruleset(name="writeRemoteData"
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
) {
action(type="omfile" file="/var/log/remote-logs/remote.log"
ioBufferSize="64k" flushOnTXEnd="off"
asyncWriting="on")
}
template(name="logPerHost" type="string" string="/var/log/remote-logs/%FROMHOST%.log")
ruleset(name="writeRemoteDataHosts"
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
) {
action(type="omfile" dynaFile="logPerHost"
ioBufferSize="64k" flushOnTXEnd="off"
asyncWriting="on")
}
notes/rsyslog.txt · Last modified: by david