25 Nov

rsyslog v7 for Ubuntu 12.04 Precise

I wanted to take a look at the latest rsyslog stuff, but the current Ubuntu releases only have the v5 package.

So I created an updated PPA for this.

This PPA also has updated packages for libee, libestr and librelp, which are needed for the latest rsyslog.

Launchpad link for the PPA:

https://launchpad.net/~tmortensen/+archive/rsyslogv7

 

To use it, you can also just run the following commands:

# sudo add-apt-repository ppa:tmortensen/rsyslogv7
# sudo apt-get update && sudo apt-get install rsyslog

I referenced the Debian package to make these.
Many thanks go out to the original Debian maintainer for rsyslog. He did most of the work needed to get these created.

05 Mar

remote syslog via rsyslog's RELP module

This is a config for rsyslogd with RELP.

I am setting up rsyslog to send all of its logs to a remote log collection server where I will store them on disk.

Later I will talk about how I have used logstash to pull in these files once on the system.

I won’t bother posting the default lines almost all rsyslog config files will have.

I set up some basic UDP collectors for legacy devices:

$ModLoad imudp
$UDPServerAddress 0.0.0.0
$UDPServerRun 514

Then load the RELP module to provide more reliable TCP logging. I am going to have mine communicate on TCP port 1088.

$ModLoad imrelp
$InputRELPServerRun 1088

Of the other two custom options I have set, the first preserves the FQDN, because I need the full name to differentiate devices in different cities.

$PreserveFQDN on

I also turn off the message reduction so that the systems I plan to implement can count messages better.

$RepeatedMsgReduction off

Now, on the client side, all I have to do is include the RELP module again and forward all messages via *.*:

$ModLoad omrelp
*.* :omrelp:remotesyslog.example.org:1088;RSYSLOG_ForwardFormat

I am also using the RSYSLOG_ForwardFormat to preserve the severity and priority when the message is sent.
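
An added example, not from the original post: the collector and client settings above in one place, with a write-to-disk rule on the collector and a disk-assisted queue on the client so messages are spooled while the collector is unreachable. The file names, the /var/log/remote path, the template name, the queue name and the 1g limit are assumptions.

```conf
# ---- collector: /etc/rsyslog.d/10-collector.conf (file name is an assumption) ----
# UDP for legacy devices. 0.0.0.0 listens on every interface; narrow
# $UDPServerAddress to the address facing those devices where possible,
# since UDP syslog is unauthenticated and the sender address can be forged.
$ModLoad imudp
$UDPServerAddress 0.0.0.0
$UDPServerRun 514

# RELP listener. This setup sends RELP in clear text, so restrict port 1088
# to known clients with a host firewall.
$ModLoad imrelp
$InputRELPServerRun 1088

$PreserveFQDN on
$RepeatedMsgReduction off

# One file per sending host and day. The hostname is taken from the message,
# so secpath-drop removes any "/" before the value becomes part of a path.
# /var/log/remote is an assumed path; it must be writable by the rsyslog user.
$FileCreateMode 0640
$DirCreateMode 0750
$template PerHostFile,"/var/log/remote/%HOSTNAME:::secpath-drop%/%$YEAR%-%$MONTH%-%$DAY%.log"

# Store only messages that did not originate on the collector itself, then
# discard them so they do not also end up in the collector's local log files.
:fromhost-ip, !isequal, "127.0.0.1" ?PerHostFile
& ~

# ---- client: /etc/rsyslog.d/10-forward.conf (file name is an assumption) ----
$ModLoad omrelp

# Disk-assisted queue for the forwarding action below. The queue settings
# apply to the next action only. Spool files go to $WorkDirectory, which must
# be set (Ubuntu's stock rsyslog.conf sets it to /var/spool/rsyslog).
$ActionQueueType LinkedList
$ActionQueueFileName relp_fwd
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
# -1 = keep retrying until the collector is reachable again
$ActionResumeRetryCount -1
*.* :omrelp:remotesyslog.example.org:1088;RSYSLOG_ForwardFormat
```

Running `rsyslogd -N1` on each host checks the configuration for syntax errors before the service is restarted.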