Background

Initial Ticket: WMS-3987

Rsyslog is the system for log processing. It offers high performance, strong security features (TLS transport, RELP, message-level filtering) and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of Swiss army knife of logging: it can accept input from a wide variety of sources, transform it, and output the results to diverse destinations.

...

Directory /rw2/etc/rsyslogd/ is a symlink for /etc/rsyslog.d/

Messages filter

The most used and well-known way to filter syslog messages is the facility/priority-based selector, which matches messages on two conditions, facility and priority, written as FACILITY.PRIORITY with a dot between them.

  • FACILITY specifies the subsystem that produces a specific syslog message. For example, the mail subsystem handles all mail-related syslog messages. FACILITY can be represented by one of the following keywords (or by a numerical code): kern (0), user (1), mail (2), daemon (3), auth (4), syslog (5), lpr (6), news (7), uucp (8), cron (9), authpriv (10), ftp (11), and local0 through local7 (16 to 23). An asterisk (*) stands for all facilities, and several facilities can be listed before the dot separated by commas.

  • PRIORITY specifies the severity of a syslog message. PRIORITY can be represented by one of the following keywords (or by a number): debug (7), info (6), notice (5), warning (4), err (3), crit (2), alert (1), and emerg (0). The keywords error, warn and panic are deprecated and should not be used anymore. A plain priority keyword selects syslog messages with the defined priority or higher, where "higher" means more severe, i.e. a lower number. By preceding the priority keyword with an equal sign (=), you specify that only syslog messages with exactly the specified priority will be selected; all other priorities will be ignored. Preceding the priority keyword with an exclamation mark (!) excludes messages of that priority and all higher ones from what earlier selectors on the same line matched, and the combination != excludes exactly that priority. The keyword * stands for all priorities and none for no priority; none is the usual way to drop a facility from a rule that otherwise starts with *. Several selectors can be joined with semicolons; they are applied left to right, so an exclusion only has an effect when it follows the selector it narrows.
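The selector semantics above, as an added example that is not rsyslog's own code: a small Python reimplementation of legacy selector matching that lets you check what a line such as *.info;mail.none;authpriv.none;cron.none will actually select before editing a file under /etc/rsyslog.d/. The rule set embedded in the block is constructed in the style of a stock rsyslog.conf, and its last entry (kern.=warning routed to /var/log/kern-warn.log) is hypothetical.

```python
"""Evaluate rsyslog legacy FACILITY.PRIORITY selectors against messages.

Added example, not code from rsyslog itself. It reimplements the selector
semantics of sysklogd/rsyslog legacy rules: selectors joined by ';' are
applied left to right, each adding to or removing from a per-facility set of
selected priorities, so 'mail.*;mail.!err' keeps warning..debug only.
"""

# Facility and priority keywords with their numeric codes.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})

PRIORITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
# Deprecated spellings that rsyslog still accepts.
PRIORITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
ALL_PRIORITIES = frozenset(PRIORITIES.values())


def _priority_number(keyword):
    keyword = PRIORITY_ALIASES.get(keyword, keyword)
    if keyword not in PRIORITIES:
        raise ValueError(f"unknown priority keyword: {keyword}")
    return PRIORITIES[keyword]


def _facility_numbers(field):
    """'*' means every facility; otherwise a comma-separated keyword list."""
    if field == "*":
        return set(FACILITIES.values())
    try:
        return {FACILITIES[name] for name in field.split(",")}
    except KeyError as exc:
        raise ValueError(f"unknown facility keyword: {exc.args[0]}") from None


def compile_selector(text):
    """Map a selector field such as '*.info;mail.none;authpriv.none' to
    {facility_number: set(selected priority numbers)}."""
    selected = {code: set() for code in FACILITIES.values()}
    for selector in text.split(";"):
        selector = selector.strip()
        if not selector:
            continue
        fac_field, dot, pri_field = selector.rpartition(".")
        if not dot or not fac_field:
            raise ValueError(f"selector is not FACILITY.PRIORITY: {selector!r}")
        exclude = pri_field.startswith("!")   # '!' removes instead of adding
        pri_field = pri_field.lstrip("!")
        exact = pri_field.startswith("=")     # '=' means exactly this priority
        pri_field = pri_field.lstrip("=")

        if pri_field in ("none", "*"):
            # 'none' and '*' replace the set outright; a leading '!' inverts them.
            everything = (pri_field == "*") != exclude
            chosen, replace = (set(ALL_PRIORITIES) if everything else set()), True
        else:
            code = _priority_number(pri_field)
            # A bare keyword means this priority and higher (i.e. lower number).
            chosen = {code} if exact else {p for p in ALL_PRIORITIES if p <= code}
            replace = False

        for fac in _facility_numbers(fac_field):
            if replace:
                selected[fac] = set(chosen)
            elif exclude:
                selected[fac] -= chosen
            else:
                selected[fac] |= chosen
    return selected


def matches(compiled, facility, priority):
    """True if a message with these facility/priority keywords is selected."""
    return _priority_number(priority) in compiled[FACILITIES[facility]]


# Constructed rule set in the style of a stock rsyslog.conf; the last entry
# and its log file name are hypothetical.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", ":omusrmsg:*"),
    ("kern.=warning", "/var/log/kern-warn.log"),
]


def actions_for(rules, facility, priority):
    """Return the actions, in file order, that a message would be routed to."""
    return [action for selector, action in rules
            if matches(compile_selector(selector), facility, priority)]


if __name__ == "__main__":
    for fac, pri in (("kern", "emerg"), ("mail", "debug"),
                     ("authpriv", "info"), ("kern", "warning")):
        print(f"{fac}.{pri:<8} -> {actions_for(RULES, fac, pri)}")
```

Running the block shows that kern.emerg lands in both /var/log/messages and the omusrmsg action, while mail.debug reaches only the maillog because mail.none removed it from the first rule; the same left-to-right replay is what rsyslog does when it loads the file.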

...

How to Receive Rsyslog Traffic

On Linux, netcat can be used to listen on a port and print whatever a remote syslog sender delivers, e.g.

To listen on a TCP port

Code Block
nc -l <port number>

To listen on a UDP port

Code Block
nc -ul <port number>

The option syntax depends on the netcat variant: the OpenBSD nc shown above takes the port as a positional argument, while traditional netcat expects nc -l -p <port number> (and nc -u -l -p <port number> for UDP). Binding a port below 1024, such as the default syslog port 514, requires root. A netcat listener is a quick check rather than a collector: OpenBSD nc serves a single TCP connection and exits unless started with -k, and it prints the raw lines including the <PRI> prefix without decoding facility and priority.

Then configure the listener's address and port, together with the matching transport (TCP or UDP), in the remote syslog settings of the sending host. A message arriving at the netcat listener confirms that the network path and the transport are right; a silent listener usually means the wrong transport was chosen or a firewall in between drops the port.
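The check described above, as an added example that is not part of the original page or of rsyslog: a Python script that plays both sides on the loopback interface, a listener in the role of the netcat commands and a sender that emits one constructed BSD-syslog line, and then decodes the received <PRI> field into facility and severity the way a collector would. The hostname pbx, the tag rsyslogd and the message text are made up; facility numbers 12 to 15, which the page does not name, are reported as plain numbers.

```python
"""Loopback check of syslog delivery over UDP and TCP, with PRI decoding.

Added example, not rsyslog code. The listener stands in for `nc -ul <port>`
or `nc -l <port>`, the sender for the remote syslog client, and
parse_message() decodes what netcat would only print raw.
"""
import socket
import time

# Facility and severity names as listed in the filter section of this page.
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
}
FACILITY_NAMES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_CODES = {name: code for code, name in FACILITY_NAMES.items()}


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity, so mail.err becomes <19>."""
    return FACILITY_CODES[facility] * 8 + SEVERITY_NAMES.index(severity)


def build_message(facility, severity, hostname, tag, text):
    """Format '<PRI>Mmm dd hh:mm:ss HOST TAG: MSG' (the traditional forward format)."""
    now = time.localtime()
    stamp = f"{time.strftime('%b', now)} {now.tm_mday:2d} {time.strftime('%H:%M:%S', now)}"
    return f"<{encode_pri(facility, severity)}>{stamp} {hostname} {tag}: {text}"


def parse_message(raw):
    """Decode the PRI field of one received line into facility/severity names."""
    if not raw.startswith("<") or ">" not in raw:
        raise ValueError("line has no PRI field")
    end = raw.index(">")
    pri = int(raw[1:end])
    if not 0 <= pri <= 191:          # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "severity": SEVERITY_NAMES[severity],
        "body": raw[end + 1:],
    }


def udp_roundtrip(message, host="127.0.0.1"):
    """Bind an ephemeral UDP port, send one datagram to it and decode it.
    UDP has no framing: every datagram is exactly one message."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        listener.bind((host, 0))
        listener.settimeout(2.0)
        port = listener.getsockname()[1]
        sender.sendto(message.encode(), (host, port))
        data, _ = listener.recvfrom(65535)
    finally:
        sender.close()
        listener.close()
    return parse_message(data.decode())


def tcp_roundtrip(message, host="127.0.0.1"):
    """Same over TCP. rsyslog's default TCP framing terminates each message
    with a newline (RFC 6587 non-transparent framing), so read up to it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    listener.settimeout(2.0)
    port = listener.getsockname()[1]
    sender = socket.create_connection((host, port), timeout=2.0)
    data = b""
    try:
        sender.sendall(message.encode() + b"\n")
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(2.0)
            while b"\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
    finally:
        sender.close()
        listener.close()
    return parse_message(data.split(b"\n", 1)[0].decode())


if __name__ == "__main__":
    msg = build_message("mail", "err", "pbx", "rsyslogd", "constructed test line")
    print(msg)
    print("udp:", udp_roundtrip(msg))
    print("tcp:", tcp_roundtrip(msg))
```

Against a real netcat listener the same test can be driven with the util-linux logger, e.g. logger -n <host> -P <port> -d "test" for UDP or -T for TCP, and on the rsyslog side the legacy forwarding action is *.* @<host>:<port> for UDP and *.* @@<host>:<port> for TCP; the transport chosen there has to match the netcat flags or nothing arrives.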