Skip to content

Instantly share code, notes, and snippets.

@mjcreativeventures

mjcreativeventures/rsyslog.conf Secret

Created February 15, 2016 05:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mjcreativeventures/d1ec0cf4778c52f5b0f0 to your computer and use it in GitHub Desktop.
Save mjcreativeventures/d1ec0cf4778c52f5b0f0 to your computer and use it in GitHub Desktop.
Download ZIP
RSyslog Configuration File for Web Server Machine
Raw
rsyslog.conf
#!/etc/rsyslog.conf
# Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser adm # changed from syslog otherwise syslog user
$PrivDropToGroup adm # doesn't have permission to access the nginx logs
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
$ModLoad omrelp
*.* :omrelp:192.168.1.4:20514
@shadycuz
Copy link

shadycuz commented Feb 5, 2017

I followed your guide http://mark-kay.net/2013/12/16/setting-up-a-central-logging-server-with-rsyslog/ , on two different servers and it works but it doesn't just send the nginx logs, it sends them all.

root@Webhost:/var/log/remote/45xx.xxx.xx.xxx# ls
nginx.log  rsyslogd-2007.log  rsyslogd-2145.log  rsyslogd-2307.log  rsyslogd.log
root.log   rsyslogd-2039.log  rsyslogd-2222.log  rsyslogd-3003.log  systemd.log

and

root@Webhost:/var/log/remote/Webhost# ls
apps.plugin.log  clamd.log  dovecot.log  postfix.log    sshd.log  su.log       systemd-logind.log
auth.log         CRON.log   named.log    saslauthd.log  sudo.log  systemd.log

That is for the one server, as you can see I get a folder with the ip of the remote nginx server and the nginx log...plus others, and I also have another folder from the local server with copies of the local logs?

I would like to only get the 1 nginx log from the remote server and also stop getting copies of the local logs. Any Advice?

Thanks,
Levi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment