Part 2: Important configuration part in WinSyslogīasically, you can use any WinSyslog configuration. Then only this specific action will use the template. Instead of using the template as default for all forwarding rules, you could instead add a semicolon after the port in the action and add the template name here. You might have a different configuration as basis and might adapt things. Instead of x you need to use the IP of course. This tells rsyslog to forward all messages via UDP to our central syslog server. The directive has to be followed by the template name of course.įinally, we have our action. Since we do nothing else than forwarding here, we use $ActionForwardDefaultTemplate to make our template default for every forwarding action we might use. A linebreak is only shown due to website limits. Please note, that the template shown here is in one line. It works as a identifier for the receiver for the encoding format. Only difference is the %$BOM% that is used right before the message. The rest after the comma is the format for default syslog forwarding. Here “mytemplate” is the name of the template. With $template we will define the format of the message that we will be sending. Of course you can set different modules, too. The modules loaded here are the basic modules needed for local logging. $template mytemplate,"%TIMESTAMP:::date-rfc3339%%HOSTNAME% %SYSLOGTAG:1:32%%msg:::sp-if-no-1st-sp%%BOM%%msg%" $ActionForwardDefaultTemplate mytemplate *.* $ModLoad directive loads the modules. The configuration should look like this: $ModLoad immark.so In our example, we will keep this very simple, since we only want to forward messages to a different syslog server. We need to configure rsyslog to insert the BOM into a message.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |