Monday, December 12, 2022

Rsyslog Configuration in Pi Log Server to Log Remote NAS Clients / Devices

Quickly configure rsyslog on a Pi running Linux to receive logs from remote devices with the steps below:


1. Uncomment (remove the #) the UDP reception lines instead of the TCP ones

module(load="imudp")
input(type="imudp" port="514")
* some NAS devices only support UDP for sending remote log data

2. Define a template for remote logging

template (
    name="RemoteLogs"
    type="string"
    string="/var/log/remote/%HOSTNAME%/keylog.log"
)

* usable rsyslog message properties: HOSTNAME, PROGRAMNAME (service/user...)
* put the definition of the rule at the end of the configuration file instead

3. Set a rule to filter and sort the required log data

if $HOSTNAME != "ray-raspberry" and ($PROGRAMNAME == "root" or $PROGRAMNAME == "nobody") 
then 
*.* -?RemoteLogs

* e.g. filter out the local host "ray-raspberry" and keep the program user / service logs of "root" (logger) or "nobody" (transmission)

4. Stop processing the message once it has been written to the file

& ~

5. Test the configuration from the bash command line

~ $ rsyslogd -N1 -f /etc/rsyslog.conf

P.S. The following messages appear if the configuration is correct and valid:

rsyslogd: version 8.1901.0, config validation run (level 1), master config /etc/rsyslog.conf

rsyslogd: End of config validation run. Bye.


6. Restart rsyslog from the bash command line to apply the change

~ $ sudo systemctl restart rsyslog
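
To check the rule after the restart, the added example below (not part of the original post) builds the kind of UDP syslog message a NAS would send and shows which file the step 3 rule should write it to. The host name "nas01", the program name "sshd", the message text and the use of 127.0.0.1 (running the script on the Pi itself) are assumptions made for the test.

```python
import socket
import time

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
LOCAL_HOST = "ray-raspberry"        # host name the rule in step 3 excludes
KEPT_PROGRAMS = {"root", "nobody"}  # program names the rule in step 3 keeps


def build_datagram(hostname, program, text, t=None, facility=1, severity=6):
    """Build one RFC 3164 (BSD syslog) message: <PRI>TIMESTAMP HOST TAG: MSG."""
    t = t or time.localtime()
    pri = facility * 8 + severity  # user.info -> 14
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    return f"<{pri}>{stamp} {hostname} {program}: {text}".encode("ascii")


def expected_path(hostname, program):
    """Mirror the step 3 rule: return the file the message should land in,
    or None when the rule does not match."""
    if hostname != LOCAL_HOST and program in KEPT_PROGRAMS:
        return f"/var/log/remote/{hostname}/keylog.log"
    return None


def send(server, datagram, port=514):
    """Send one datagram to the imudp input enabled in step 1."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))


# Constructed test cases: (hostname, program name).
CASES = [("nas01", "root"), ("nas01", "nobody"),
         ("nas01", "sshd"), ("ray-raspberry", "root")]

if __name__ == "__main__":
    for host, prog in CASES:
        # HOSTNAME is read from the message header, so it is set here.
        send("127.0.0.1", build_datagram(host, prog, f"test from {prog}"))
        print(f"{host}/{prog}: expect {expected_path(host, prog) or 'no remote file'}")
```

After running it, only /var/log/remote/nas01/keylog.log should exist and contain the two "root" and "nobody" test lines.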


Remark : 



   
