How to forward specific log file to a remote syslog server?


This post lists the steps to forward a specific log file to a remote syslog server. Follow these steps if you need to forward application logs to your remote syslog server.

Step 1: Get your remote Syslog server IP

Step 2: Configure the rsyslog file on the application server

Enable (uncomment) these two directives in the application server's syslog config file, /etc/rsyslog.conf.

Before:

#$ModLoad imtcp
#$InputTCPServerRun 514

After:

$ModLoad imtcp
$InputTCPServerRun 514

# vi /etc/rsyslog.conf
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# A single @ sends over UDP; @@ (as in the remote-host example above) sends over TCP
*.* @10.10.190.82:514
# ### end of the forwarding rule ###

# A template for higher precision timestamps + severity logging
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl
*.* @<remotesyslog_serverIP>:514

Step 3: Create the application syslog monitor config file

Application Log File: /appdata/app.log

Application File Tag: APP

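# vi /etc/rsyslog.d/app.conf
# Load the file input module and poll monitored files every 10 seconds
$ModLoad imfile
$InputFilePollInterval 10
# Run rsyslogd with group adm after startup; adm must be able to read the log file
$PrivDropToGroup adm
# File to monitor, and the tag, severity and facility given to each line read from it
$InputFileName /appdata/app.log
$InputFileTag APP
$InputFileStateFile Stat-APP
# Severity takes a standard syslog severity name (emerg ... debug)
$InputFileSeverity info
$InputFileFacility local7
# Persist the read position every 1000 lines; set before the monitor is activated
$InputFilePersistStateInterval 1000
# Activate the monitor with the settings above
$InputRunFileMonitor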

Step 4: Restart the rsyslog service

# service rsyslog restart
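
As an added example (not part of the original post): a version of the Step 3 drop-in that forwards only the APP-tagged lines, over TCP with a disk queue, instead of the *.* rule from Step 2. The queue name fwdApp and the severity info are assumptions; the server address is the one used in Step 2.

```conf
# /etc/rsyslog.d/app.conf  (added example; rsyslog v5 legacy syntax, as on this page)
# Assumes the catch-all rule is commented out in /etc/rsyslog.conf:
#   *.* @10.10.190.82:514     <- every facility, authpriv included, over UDP

$ModLoad imfile
$InputFilePollInterval 10

# Monitor the application log; settings must precede $InputRunFileMonitor.
$InputFileName /appdata/app.log
$InputFileTag APP
$InputFileStateFile Stat-APP
$InputFileSeverity info
$InputFileFacility local7
$InputFilePersistStateInterval 1000
$InputRunFileMonitor

# Disk-assisted queue for the next action only: if the remote server is
# unreachable, lines are spooled under $WorkDirectory and sent on reconnect.
$WorkDirectory /var/lib/rsyslog
# fwdApp is an assumed (hypothetical) spool file prefix; it must be unique.
$ActionQueueType LinkedList
$ActionQueueFileName fwdApp
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

# Forward only messages whose tag starts with "APP"; @@ selects TCP.
:syslogtag, startswith, "APP" @@10.10.190.82:514

# Discard the forwarded messages so the local7.* and *.info rules in
# /etc/rsyslog.conf do not copy them into boot.log and messages as well.
& ~
```

Running rsyslogd -N1 checks the configuration for syntax errors before the restart in Step 4.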

 

I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Interbank Card Center of Turkey (BKM). I provide hardware and software support for the IT Infrastructure and Operations tasks.
