Quickly configure rsyslog on Pi Linux to log remote devices' messages with the steps below:
1. Remove the # to enable UDP reception instead of TCP
module(load="imudp")
input(type="imudp" port="514")
* Some NAS devices only support UDP for sending remote log data
2. Define a template for remote logging
template(name="RemoteLogs" type="string" string="/var/log/remote/%HOSTNAME%/keylog.log")
* Usable rsyslog message properties: HOSTNAME, PROGRAMNAME (service/user...)
* Put the definition of the rule at the end of the configuration settings instead
3. Set a rule to filter and sort the required log data
if $HOSTNAME != "ray-raspberry" and ($PROGRAMNAME == "root" or $PROGRAMNAME == "nobody") then *.* -?RemoteLogs
* e.g. filter out the local host "ray-raspberry" and keep the program user / service logs of "root" (logger) or "nobody" (transmission)
4. Stop processing the message once it has been written to the file
& ~
5. Test the configuration script with a bash command
~ $ rsyslogd -N1 -f /etc/rsyslog.conf
P.S. The messages below appear if the configuration is correct and valid:
rsyslogd: version 8.1901.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
6. Restart rsyslog with a bash command to apply the change
~ $ sudo systemctl restart rsyslog
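To check the rule from the Pi itself, where messages carrying the local hostname are excluded, the following added example (not part of the original post) builds RFC 3164 datagrams with a chosen HOSTNAME field and tag, sends them to the UDP listener, and prints the file each one should land in. The host name test-nas, the tag sshd and the helper names are assumptions made for the test.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LOCAL_HOST = "ray-raspberry"           # host excluded by the rule in step 3
WANTED_PROGRAMS = {"root", "nobody"}   # program names the rule keeps


def build_rfc3164(hostname, tag, text, facility=1, severity=6, when=None):
    """Return one BSD-syslog (RFC 3164) datagram as bytes."""
    when = when or datetime.now()
    pri = facility * 8 + severity      # user.info -> <14>
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")


def expected_path(hostname, programname):
    """Mirror the step 3 rule and the RemoteLogs template; None = not written."""
    if hostname != LOCAL_HOST and programname in WANTED_PROGRAMS:
        return f"/var/log/remote/{hostname}/keylog.log"
    return None


def send_udp(datagram, server="127.0.0.1", port=514):
    """Fire-and-forget UDP send, as a NAS would do; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (server, port))


# Constructed test cases: (HOSTNAME field, tag, should the rule keep it?)
# HOSTNAME is taken from the datagram itself, so over UDP the sender chooses
# the directory name used under /var/log/remote/.
CASES = [
    ("test-nas", "root", True),
    ("test-nas", "sshd", False),
    ("ray-raspberry", "root", False),
]

if __name__ == "__main__":
    for host, tag, _ in CASES:
        send_udp(build_rfc3164(host, tag, f"rsyslog rule test from {host}/{tag}"))
        print(f"{host:15} {tag:7} -> {expected_path(host, tag)}")
```

After running it on the Pi, only /var/log/remote/test-nas/keylog.log should have been created, containing the single message tagged root.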