Hi Experts,
I have a centralized logging server configured using rsyslog with the following parameters:
Syslog server:
[root@SYSLOGMASTER log]# cat /etc/rsyslog.conf | grep -i "ModLoad imtcp" -A5
$ModLoad imtcp
$InputTCPServerRun 514
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?TmplAuth
[root@SYSLOGMASTER log]#
Syslog client server:
[root@SYS-CLIENT ~]# grep -i "10.0.2.80" /etc/rsyslog.conf
*.* @@10.0.2.80:514
[root@SYS-CLIENT ~]#
Here, the client server is forwarding all the system related logs to the centralized logging node(master). However, forwarding custom application logs (/var/www/html/xxx/abc.log & /var/www/html/yyy/123.log) are not working as expected.
My question is what is the best way to send system logs along with application logs to master server? Appreciate if anyone can provide example syntaxes as well.
configuration of rsyslog to send custom logs
Re: configuration of rsyslog to send custom logs
Most likely because those don't go through rsyslog. Thos look like web application logs (and they're in the wrong place - /var/www/html/xxx/abc.log instead of /var/log/httpd/abc.log - and selinux must be screaming about them).Here, the client server is forwarding all the system related logs to the centralized logging node(master). However, forwarding custom application logs (/var/www/html/xxx/abc.log & /var/www/html/yyy/123.log) are not working as expected.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke