Hi,
why not just search/read wiki? http://www.observium.org/wiki/Rsyslog_Syslog_Server
On Sat, Jun 13, 2015 at 8:18 PM, Jason Lixfeld jason@lixfeld.ca wrote:
I was working on trying to get my rsyslog configuration working with observium as well as preserving my configuration for logging inbound logs to files based on the sender’s hostname so Splunk could eat them.
It was a bit of a pain, so I thought I’d share incase anyone else found it useful:
# /etc/rsyslog.d/30-remote.conf # # Based on a default rsyslog.conf file from Debian Jessie (8) # module(load="omprog") module(load="imtcp") module(load="imudp”)
template(name="observium" type="string" string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n") template(name="hostname" type="string" string="/var/log/remote/%HOSTNAME%.log”)
ruleset(name="remote"){ action(type="omprog" binary="/opt/observium/syslog.php" template="observium") action(type="omfile" dynafile="hostname") }
input(type="imtcp" port="601" ruleset="remote") input(type="imudp" port="514" ruleset="remote”) #<EOF> _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium