Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
RSyslog Configuration File for Web Server Machine
#!/etc/rsyslog.conf
# Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser adm # changed from syslog otherwise syslog user
$PrivDropToGroup adm # doesn't have permission to access the nginx logs
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
$ModLoad omrelp
*.* :omrelp:192.168.1.4:20514
@shadycuz

This comment has been minimized.

Show comment
Hide comment
@shadycuz

shadycuz Feb 5, 2017

I followed your guide http://mark-kay.net/2013/12/16/setting-up-a-central-logging-server-with-rsyslog/ , on two different servers and it works but it doesn't just send the nginx logs, it sends them all.

root@Webhost:/var/log/remote/45xx.xxx.xx.xxx# ls
nginx.log  rsyslogd-2007.log  rsyslogd-2145.log  rsyslogd-2307.log  rsyslogd.log
root.log   rsyslogd-2039.log  rsyslogd-2222.log  rsyslogd-3003.log  systemd.log

and

root@Webhost:/var/log/remote/Webhost# ls
apps.plugin.log  clamd.log  dovecot.log  postfix.log    sshd.log  su.log       systemd-logind.log
auth.log         CRON.log   named.log    saslauthd.log  sudo.log  systemd.log

That is for the one server, as you can see I get a folder with the ip of the remote nginx server and the nginx log...plus others, and I also have another folder from the local server with copies of the local logs?

I would like to only get the 1 nginx log from the remote server and also stop getting copies of the local logs. Any Advice?

Thanks,
Levi

shadycuz commented Feb 5, 2017

I followed your guide http://mark-kay.net/2013/12/16/setting-up-a-central-logging-server-with-rsyslog/ , on two different servers and it works but it doesn't just send the nginx logs, it sends them all.

root@Webhost:/var/log/remote/45xx.xxx.xx.xxx# ls
nginx.log  rsyslogd-2007.log  rsyslogd-2145.log  rsyslogd-2307.log  rsyslogd.log
root.log   rsyslogd-2039.log  rsyslogd-2222.log  rsyslogd-3003.log  systemd.log

and

root@Webhost:/var/log/remote/Webhost# ls
apps.plugin.log  clamd.log  dovecot.log  postfix.log    sshd.log  su.log       systemd-logind.log
auth.log         CRON.log   named.log    saslauthd.log  sudo.log  systemd.log

That is for the one server, as you can see I get a folder with the ip of the remote nginx server and the nginx log...plus others, and I also have another folder from the local server with copies of the local logs?

I would like to only get the 1 nginx log from the remote server and also stop getting copies of the local logs. Any Advice?

Thanks,
Levi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment