Hello I have 2 virtual machines. One must serve as a log concentrator the other sends me his logs. However, I only need to send a certain specific type (consul logs an open source solution that allows to make configurations etc ..). For that I will use rsyslog to act as hub (machine 1). As these are very specific logs that I must recover I wanted to use local4 (a free facility for this kind of use) on my machine 2. However I can not send the information. The machines communicate well with each other but I have the impression that my concentrator (machine 1) does not recognize the local4 sent by the machine 2.
There is nothing particular I added in the / etc / rsyslog. conf of my machine 2
and in my first machine just a template to recover and oraganize the reception
Code: Select all
$template RemoteLogsTesting,"/var/log/remotehosts/%HOSTNAME%/%$now%.log"
if $fromhost-ip != "127.0.0.1" then -?RemoteLogsTesting
& stop
I read the documentation but there is something I do not understand in the filters (and my problem probably comes from there). I have a conf file in which I have only one redirect line that is used for something else, but should I add something like
Code: Select all
if $syslogfacility-text == 'local4' and $msg contains 'consul' then /var/log/cons
But i don't undestand how am I going to retrieve the name of this variable (local4) and be understood by my hub.
If someone can help me