Configuration Rsyslog
Configuration Rsyslog - Réseaux - Systèmes & Réseaux Pro
Sujets relatifs:
- Configuration réseau accès de l'extérieur
- Aide configuration serveur pour une tpe
- configuration VPN
- Édit : serveur Synology : Quid de la configuration
- Configuration backuppc
- Configuration serveur dedie
- [RESOLU] Problème de configuration VPN côté client sur Cisco SR520
- Configuration de Windows Server 2008 Aide
- [VPN] Configuration Cisco RV042
Marsh Posté le 25-10-2012 à 20:01:19
Bonjour,
J'ai besoin d'un peu d'aide pour de la configuration Rsyslog.
J'ai indiqué sur chacune de mes machine l'adresse IP de mon collecteur en rajoutant une ligne sous la forme *.* @192.168.X.X
Le problème est que je loggue tout sur mon collecteur donc les filesystems explosent
Pourtant, il me semble avoir filtré à partir des warning mais je suis submergé d'info notamment en provenance de mes FW qui logguent TOUS les ACCEPT...
J'ai placé mon fichier de conf en dessous et je suis preneur de tout conseil.
Merci
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
$ModLoad imklog
$FileOwner admin
$FileGroup admin
$FileCreateMode 0640
$DirCreateMode 0755
*.* @192.168.210.16
$ModLoad imudp
$UDPServerRun 514
$DirOwner admin
$DirGroup admin
$ModLoad imtcp
$InputTCPServerRun 514
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/boot/log
# Remote logging
$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514
$template DYNmessages,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages"
$template DYNsecure,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/secure"
$template DYNmaillog,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/maillog"
$template DYNcron,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/cron"
$template DYNspooler,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/spooler"
$template DYNboot,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/boot.log"
if \
$source != 'localhost' \
# and \
# $syslogseverity <= '4' \
and ( \
$syslogfacility-text != 'mail' \
and \
$syslogfacility-text != 'authpriv' \
and \
$syslogfacility-text != 'cron' \
) \
then ?DYNmessages
if \
$source != 'localhost' \
and \
$syslogfacility-text == 'authpriv' \
then ?DYNsecure
if \
$source != 'localhost' \
and \
$syslogfacility-text == 'mail' \
then -?DYNmaillog
if \
$source != 'localhost' \
and \
$syslogfacility-text == 'cron' \
then ?DYNcron
if \
$source != 'localhost' \
and \
(\
$syslogfacility-text == 'uucp' \
or \
$syslogfacility-text == 'news' \
)\
and \
$syslogseverity-text == 'crit' \
then ?DYNspooler
if \
$source != 'localhost' \
and \
$syslogfacility-text == 'local7' \
then ?DYNboot