n00b rsyslog.conf question - how to separate local syslog from network appliance syslog?


I have several network appliances, and I want to aggregate their syslog
output for later analysis.  Eventually I might think about a Splunk
box, but for the interim I'm hoping to just build a CentOS 6 syslog
server and have it aggregate everything on it for quick review.

I installed rsyslog and am looking through the /etc/rsyslog.conf file
for what I configure to (a) listen for syslog input from other devices
(UDP port 514 is fine), (b) make a log, and (c) log rotate files.

(a) I see in there (if I comment it out)

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

(Obviously add an iptables rule to let this traffic in)

(b) I see options in there, but am not sure how to separate the local
logs from the remote logs.  Is it something like the following?

*.*;local6.none;auth,authpriv.none        -/var/log/syslog

(c) I understand I can do this if I edit
/etc/logrotate.d/MyNetworkAppliance.log.  This isn't as big of a
concern right now.  Just trying to figure out how to log things
separately.  :/

Any suggestions on what I should do to make this work?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
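
One way to do the separation asked about in (b), as an added example that is not part of the original post. It assumes the legacy directive syntax of the stock CentOS 6 rsyslog package; the /var/log/remote directory and the template name PerHostLog are made up for illustration.

```conf
# /etc/rsyslog.conf fragment (added example; paths and names are assumptions)

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# One file per sending appliance. The file name is built from
# %fromhost-ip% (the address rsyslog received the packet from) rather than
# %hostname%, because the hostname field is taken from the message and is
# therefore chosen by the sender.
$template PerHostLog,"/var/log/remote/%fromhost-ip%.log"

# Anything that did not originate on this machine goes to the per-host
# file. Locally generated messages carry fromhost-ip 127.0.0.1.
:fromhost-ip, !isequal, "127.0.0.1"    ?PerHostLog

# Discard what the previous filter matched, so remote messages never
# reach the local rules below and /var/log/messages stays local-only.
& ~

# Local rules come after the discard and now only see local messages.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
```

UDP syslog is unauthenticated and the source address can be spoofed, so the iptables rule for port 514 should accept traffic only from the appliances' addresses. The file can be syntax-checked with `rsyslogd -N1` before restarting the service.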
