...

Code Block
$template LinuxLogs,"%timegenerated%.%timegenerated:::date-subseconds% %HOSTNAME% %syslogtag%%msg%\n"
if      $fromhost-ip != '127.0.0.1' \
        and $syslogseverity <= '6' \
        and $syslogfacility <= '15' \
then    /usr/local/nmis8/logs/linux.log;LinuxLogs

Optionally, handle only messages with the word LINUX in the tag:

Code Block
if      $fromhost-ip != '127.0.0.1' \
        and $syslogtag contains 'LINUX' \
        and $syslogseverity <= '6' \
        and $syslogfacility <= '15' \
then    /usr/local/nmis8/logs/linux.log;LinuxLogs

Handling Different Times and Time Zones

...

Here we are using a Linux mnemonic, like the Cisco syslog mnemonic, so that we do not lose the original facility and severity when the message is forwarded.

Optionally, send everything with the word LINUX in the tag:

Code Block
$template LinuxMnemonic,"%timereported% %HOSTNAME% LINUX-%syslogfacility-text%-%syslogseverity%-%syslogtag%%msg%\n"
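
As an added example (not part of the original page or of NMIS), this Python parser shows how a receiver can recover the original facility and severity from a line written with the LinuxMnemonic template. It assumes %timereported% renders in the traditional "Mmm dd hh:mm:ss" form; the name parse_mnemonic and the sample lines are constructed for this example.

```python
import re

# Severity names for the numeric value emitted by %syslogseverity% (RFC 5424).
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Anchored at line start so "LINUX-..." text inside %msg% (untrusted content)
# cannot be mistaken for the mnemonic written by the template.
# Assumption: %timereported% renders as "Mmm dd hh:mm:ss".
MNEMONIC = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"LINUX-(?P<facility>[a-z0-9]+)-(?P<severity>[0-7])-"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$"
)

def parse_mnemonic(line):
    """Return the fields carried in a LinuxMnemonic line, or None if it does not match."""
    m = MNEMONIC.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec

# Constructed sample lines (not captured from a real system).
SAMPLES = [
    "Mar  4 09:15:02 poller1 LINUX-authpriv-5-sshd[2211]: Failed password for root from 192.0.2.10 port 40022 ssh2",
    # Tags may contain hyphens; facility names do not, so the split stays unambiguous.
    "Mar  4 09:15:07 poller1 LINUX-daemon-6-systemd-logind[612]: New session 14 of user nmis.",
    # Message body that imitates the mnemonic; the real severity is still 6.
    "Mar  4 09:15:09 poller1 LINUX-user-6-logger: LINUX-kern-0-kernel: fake panic",
    # Line written without the mnemonic: rejected rather than guessed at.
    "Mar  4 09:15:11 poller1 kernel: line without the mnemonic",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_mnemonic(sample))
```

Because the facility and severity are read only from the fixed position after the hostname, a sender cannot raise or lower the recorded severity by placing mnemonic-like text in the message body.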

Example Topology

In the example above, all syslog messages received with a facility of local7 will be forwarded to the master server at 10.215.1.5. When this message is forwarded from the poller to the master, the poller will insert its own timestamp into the message.

...