I have a little problem: I am trying to use rsyslog for both local and remote logs from a server. Since I started using this configuration to get the remote logs, my local logs are empty.

Any help, please? Is the *.* on the remote log sophos.log wrong?

    -rw-------. 1 root root 0 28 juil. 14:51 spooler
    -rw-------. 1 root root 0 28 juil. 14:51 secure
    -rw-------. 1 root root 0 28 juil. 14:51 messages
    -rw-------. 1 root root 0 28 juil. 14:51 maillog
    -rw-------. 1 root root 0 28 juil. 14:51 cron

Configuration for the remote logs coming from the firewall box:

    module(load="imudp")
    input(type="imudp" port="514")
    module(load="imtcp")
    input(type="imtcp" port="514")
    $AllowedSender TCP, 10.1.0.69
    $template RemoteLogs,"/data/sophos/%HOSTNAME%/sophos.log"
    *.* ?RemoteLogs
    & ~

Configuration for the local logs:

    *.info;mail.none;authpriv.none;cron.none    /var/log/messages
    authpriv.*                                  /var/log/secure
    mail.*                                      -/var/log/maillog
    cron.*                                      /var/log/cron
    *.emerg                                     :omusrmsg:*
    uucp,news.crit                              /var/log/spooler
    local7.*                                    /var/log/boot.log

1 Answer

Thank you so much, Meuh, it works very well. The local log is working again with the ruleset linked to the output. The solution:

    module(load="imudp") # needs to be done just once
    input(type="imudp" port="514" ruleset="remote")
    ruleset(name="remote"){
        $template RemoteLogs,"/data/sophos/%HOSTNAME%/sophos.log"
        *.* ?RemoteLogs
    }
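For comparison, an added example (not from the original poster) of the same separation with both the UDP and TCP listeners from the question bound to the ruleset. In the question's configuration, `*.* ?RemoteLogs` followed by `& ~` sits in the default ruleset, so it also matches and then discards locally generated messages before the local rules can write them. The `$AllowedSender UDP` line is an assumption that the firewall at 10.1.0.69 is the only expected UDP sender; the question restricted TCP only.

```rsyslog
# Added example: remote traffic handled in its own ruleset,
# local rules left untouched in the default ruleset.

module(load="imudp")
module(load="imtcp")

# Sender restrictions carried over from the question (TCP) and
# extended to UDP (assumption: same single firewall source).
$AllowedSender UDP, 10.1.0.69
$AllowedSender TCP, 10.1.0.69

# Per-host file name, same path as in the question.
template(name="RemoteLogs" type="string"
         string="/data/sophos/%HOSTNAME%/sophos.log")

# Only messages arriving on inputs bound to this ruleset reach it.
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
    stop    # modern form of "& ~"; ends processing for remote messages only
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# Default ruleset: local logs, unchanged from the question.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
```

Running `rsyslogd -N1` checks the configuration syntax before the service is restarted.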