RB1200 and logserver with Linux

Hi All, I’ve configured a logserver with Fedora Core 16 x86_64 using simply rsyslog:

Here’s the configuration file:

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark  # provides --MARK-- message capability

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


if $fromhost-ip startswith '172.10.10.' then /var/log/routerboards.log
& ~
if $fromhost-ip startswith '192.168.' then /var/log/netmetros.log
& ~

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

On the routerboard:
I’ve configured a log in the RB as a remote log:

[admin@MikroTik] /system logging> print
Flags: X - disabled, I - invalid 
 #   TOPICS                                               ACTION                                               PREFIX    
 0   info                                                 memory                                                         
 1   error                                                memory                                                         
 2   warning                                              memory                                                         
 3   critical                                             echo                                                           
 4   info                                                 remote                                                         
 5   account                                              remote                                                         
 6   hotspot                                              remote                                                         
 7   web-proxy                                            memory                                                         
     firewall                                            
 8   account                                              memory                                                         
 9   web-proxy                                            remote                                                         
     firewall                                            
10   pppoe                                                remote                                                         
11   system                                               memory                                                         
12   debug                                                remote                                                         
13   dhcp                                                 remote                                                         
14   firewall                                             remote

And the action of remote:

[admin@MikroTik] /system logging action> print
Flags: * - default 
 #   NAME                                  TARGET REMOTE               
 0 * memory                                memory
 1 * disk                                  disk  
 2 * echo                                  echo  
 3 * remote                                remote 172.10.10.10

Everything seems correct, but I receive messages from many other places in the network but not from the routerboard.

Question: does the routerboard transmit the log messages via TCP or UDP?

Thanks


Marco

Hi All!

Solved…

In the configuration box I’ve selected the address of the routerboard for the SRC Address and it worked fine!


Thanks to all who have read this thread

Marco
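
Added example (not part of the original posts): a small Python model of the file rules in the posted rsyslog configuration, showing which files a message reaches depending on the source IP it arrives with, the property the `$fromhost-ip` filters test. The addresses 172.10.10.1 and 10.0.0.1 and the sample messages are constructed, and a message without a `<PRI>` header is assumed to count as user.notice, as RFC 3164 specifies.

```python
import re

# Facility codes (RFC 3164) named by the selectors in the posted config.
MAIL, CRON, AUTHPRIV, LOCAL7 = 2, 9, 10, 23
INFO = 6  # severity; a lower number is more severe
FACILITY_FILES = {AUTHPRIV: "/var/log/secure", MAIL: "/var/log/maillog",
                  CRON: "/var/log/cron", LOCAL7: "/var/log/boot.log"}
# The two "$fromhost-ip startswith" rules, in config order.
SOURCE_RULES = [("172.10.10.", "/var/log/routerboards.log"),
                ("192.168.", "/var/log/netmetros.log")]

def parse_pri(datagram: bytes):
    """Split a leading <PRI> into (facility, severity).
    Assumption: no PRI means user.notice (13), as RFC 3164 specifies."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    pri = int(m.group(1)) if m else 13
    return pri >> 3, pri & 7

def destinations(src_ip: str, datagram: bytes):
    """Apply the file rules top to bottom; return the files written.
    The *.emerg and uucp,news.crit rules are left out of this model."""
    fac, sev = parse_pri(datagram)
    files = []
    # *.info;mail.none;authpriv.none;cron.none -> /var/log/messages
    if sev <= INFO and fac not in (MAIL, AUTHPRIV, CRON):
        files.append("/var/log/messages")
    if fac in FACILITY_FILES:
        files.append(FACILITY_FILES[fac])
    for prefix, path in SOURCE_RULES:
        if src_ip.startswith(prefix):
            files.append(path)
            break  # "& ~" discards the message after this write
    return files

if __name__ == "__main__":
    # Constructed samples: daemon.info (<30>) and daemon.debug (<31>).
    samples = [b"<30>dhcp,info constructed sample",
               b"<31>dhcp,debug constructed sample"]
    for src in ("172.10.10.1", "10.0.0.1"):  # constructed source addresses
        for msg in samples:
            print(src, msg[:4].decode(), destinations(src, msg))
```

In this model a debug-level message from an address outside both prefixes reaches no file at all, and an info-level one lands only in /var/log/messages, so a sender that looks silent is worth checking by the source address on its datagrams to port 514.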