Jason Lixfeld
2015-06-13 17:18:18 UTC
I was working on trying to get my rsyslog configuration working with observium as well as preserving my configuration for logging inbound logs to files based on the sender’s hostname so Splunk could eat them.
It was a bit of a pain, so I thought I’d share incase anyone else found it useful:
# /etc/rsyslog.d/30-remote.conf
#
# Based on a default rsyslog.conf file from Debian Jessie (8)
#
module(load="omprog")
module(load="imtcp")
module(load="imudp”)
template(name="observium" type="string" string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")
template(name="hostname" type="string" string="/var/log/remote/%HOSTNAME%.log”)
ruleset(name="remote"){
action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
action(type="omfile" dynafile="hostname")
}
input(type="imtcp" port="601" ruleset="remote")
input(type="imudp" port="514" ruleset="remote”)
#<EOF>
It was a bit of a pain, so I thought I’d share incase anyone else found it useful:
# /etc/rsyslog.d/30-remote.conf
#
# Based on a default rsyslog.conf file from Debian Jessie (8)
#
module(load="omprog")
module(load="imtcp")
module(load="imudp”)
template(name="observium" type="string" string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")
template(name="hostname" type="string" string="/var/log/remote/%HOSTNAME%.log”)
ruleset(name="remote"){
action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
action(type="omfile" dynafile="hostname")
}
input(type="imtcp" port="601" ruleset="remote")
input(type="imudp" port="514" ruleset="remote”)
#<EOF>