I was working on trying to get my rsyslog configuration working with observium as well as preserving my configuration for logging inbound logs to files based on the sender’s hostname so Splunk could eat them.
It was a bit of a pain, so I thought I’d share in case anyone else found it useful:
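# /etc/rsyslog.d/30-remote.conf
#
# Based on a default rsyslog.conf file from Debian Jessie (8)
#
# Receives remote syslog over TCP/601 and UDP/514 and, for every message,
#   1. pipes an Observium-formatted line to /opt/observium/syslog.php
#   2. appends the message to a per-sender file under /var/log/remote/
#      (the files Splunk reads).
#
# All quotes below must be plain ASCII double quotes ("). The copy posted to
# the list had typographic closing quotes on three lines, which rsyslog
# rejects as a syntax error.

module(load="omprog")   # run an external program as an output
module(load="imtcp")    # TCP syslog listener
module(load="imudp")    # UDP syslog listener

# Line format handed to the Observium syslog handler: "||"-separated fields.
template(name="observium" type="string" string="%fromhost%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%programname%\n")

# Per-host log file name.
# %HOSTNAME% is taken from the message itself, so the sender chooses it.
# secpath-replace substitutes "/" in the value so that a crafted hostname
# cannot point the file name outside /var/log/remote/.
# NOTE(review): a sender can still pick any hostname and so write into
# another host's file; the observium template keys on %fromhost% (the peer
# rsyslog received the message from) instead. Confirm which one Splunk
# should be keyed on.
template(name="hostname" type="string" string="/var/log/remote/%HOSTNAME:::secpath-replace%.log")

# Everything arriving on the remote inputs is handled here and only here.
ruleset(name="remote"){
    action(type="omprog" binary="/opt/observium/syslog.php" template="observium")
    action(type="omfile" dynafile="hostname")
}

# Both listeners accept messages from any source address and neither
# authenticates the sender; limit which hosts can reach these ports with the
# host firewall.
input(type="imtcp" port="601" ruleset="remote")
input(type="imudp" port="514" ruleset="remote")
#<EOF>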