Différences

Ci-dessous, les différences entre deux révisions de la page.

--- informatique:system_admin:rsyslog [07/04/2021 10:42] – créée cyrille
+++ informatique:system_admin:rsyslog [07/04/2021 18:18] (Version actuelle) – [Configuration] tips on TAG cyrille
@@ Ligne 6: / Ligne 6: @@
   * https://www.rsyslog.com/doc/v8-stable/
   * https://rsyslog.readthedocs.io/en/latest/configuration/
+===== Configuration =====
+  * [[https://www.rsyslog.com/doc/v8-stable/rainerscript/queue_parameters.html|General Queue Parameters]]
+  * [[https://www.rsyslog.com/doc/v8-stable/configuration/properties.html|rsyslog Properties]]
+  * [[https://www.rsyslog.com/doc/v8-stable/configuration/actions.html|Actions]]
+==== Tips ====
+For TAG don't forget to add **":"** at end of value !! Like ''$syslogtag=="foo:"''
+==== protocol RELP ====
+=== Server side ===
+  * module [[https://rsyslog.readthedocs.io/en/latest/configuration/modules/imrelp.html|imrelp]]
+  * module [[https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html|omfile]]
+<code>
+# sudo apt install rsyslog-relp
+module(load="imrelp")
+input(type="imrelp" Port="2514" MaxDataSize="10k"
+        Address="10.0.1.104" KeepAlive="on"
+        Ruleset="imrelpRemoteData")
+# now define our ruleset, which also includes threading and queue parameters.
+ruleset(name="imrelpRemoteData"
+        queue.type="LinkedList"
+        queue.workerThreads="2"
+       ) {
+    action(type="omfile" file="/var/log/remote.log"
+           ioBufferSize="512k" flushOnTXEnd="off"
+           asyncWriting="on")
+}
+</code>
+=== Client side ===
+  * module [[https://rsyslog.readthedocs.io/en/latest/configuration/modules/omrelp.html|omrelp]]
+<code>
+# forward some messages to server
+module(load="omrelp")
+*.* action(type="omrelp" target="10.0.1.104" port="2514")
+</code>
+=== Nginx ===
+  * [[https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#syslog]]
+  * [[https://chabik.com/2019/02/nginx-logging-to-syslog/]]