$ModLoad imuxsock.so
$ModLoad imklog.so
# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.*
/var/log/secure
mail.*
-/var/log/maillog
ftp.*
/var/log/vsftpd.log
cron.*
/var/log/cron
*.emerg
*
uucp,news.crit
/var/log/spooler
local7.*
/var/log/boot.log
$template
DailyPerHostLogs,"/var/log/rsyslog/Rsyslog-%$YEAR%-%$MONTH%-%$DAY%.log"
*.* -?DailyPerHostLogs;
Syslog-Cient
*.* @@sylogserverip:514
FTP log to Syslog server
Add the below line into
vsftpd.conf
Syslog_enable=YES
Vim /etc/rsyslog.conf
ftp.* /var/log/vsftpd.log
(# above line is to maintain the log in vsftpd.log also)
HTTP logs
configuration: For error logs only
In Client
Vim
/etc/httpd/conf/httpd.conf
#Modify the below line
ErrorLog syslog:local1
vim /etc/rsyslog.conf
local1.* /var/log/httpd_error_crit
MySQL logs
configuration:
In Client
Vim /etc/my.cnf
#Add the below line after
[mysqld_safe]
syslog
#service rsyslog restart
No comments:
Post a Comment