...
The following is a config which sends all syslog over severity 6 logs from /var/log/messages using facility local6.
| Code Block |
|---|
# enable the imfile module for file monitoring
$ModLoad imfile
$WorkDirectory /var/spool/rsyslog
# Monitor the file
$InputFileName /var/log/messages
$InputFileTag :
$InputFileStateFile messages_log
$InputFileSeverity error
$InputFileFacility local6
$InputFilePollInterval 1
$InputFilePersistStateInterval 1
$InputRunFileMonitor |
Example Topology
In the example above all syslog messages received with a facility of local7 will be forwarded to the master server at 10.215.1.5. When this message is forwarded from the poller to the master, the poller will insert its own timestamp into the message.
...