'how to send only specific files to remote server using rsyslog

I am new to rsyslog. I have multiple servers(rsyslog servers) sending syslog messages to a remote server(syslog-ng server). Right now, I am sending everything to the remote server. I want to filter out and send logs from specific files to the remote server.

10-custom.conf - this is the custom config file which I am using

#Forward specific logs to remote server
module(load="imfile")

input(type="imfile"
      file="/var/log/tomcat8/bar.log"
      Tag="bar:")

input(type="imfile"
      file="/var/log/tomcat8/foo.log"
      Tag="foo:")

input(type="imfile"
      file="/var/log/dpkg.log"
      Tag="dpkg:")

input(type="imfile"
      file="/var/log/syslog"
      Tag="syslog:")

input(type="imfile"
      file="/var/log/auth.log"
      Tag="auth:")

input(type="imfile"
      file="/var/log/kern.log"
      Tag="kern:")


#if $Tag == "catalina:" then @@remoteserver:port
:syslogtag, isequal, "catalina:" @@remoteserver:port
& stop

I am trying to filter out based on Tags and send it to remote server. I couldn't get this working.

What's best way to get this set up?

Thanks in advance!

linuxloggingsyslogrsyslogsyslog-ng


Solution 1:[1]

You can place statements on top of rsyslog.conf like mentioned in here:

https://www.rsyslog.com/discarding-unwanted-messages/

For instance, assuming you want to send only a specific facility messages to a remote log server, such as all related mail messages regardless of the priority level, add the line below to rsyslog configuration file:

mail.* @192.168.10.254:514

Solution 2:[2]

The following sample monitors two files. If you need just one, remove the second one. If you need more, add them according to the sample ;). This code must be placed in /etc/rsyslog.conf (or wherever your distro puts rsyslog’s config files). Note that only commands actually needed need to be specified. The second file uses less commands and uses defaults instead.

module(load="imfile" PollingInterval="10") #needs to be done just once

# File 1
input(type="imfile"
      File="/path/to/file1"
      Tag="tag1"
      Severity="error"
      Facility="local7")

# File 2
input(type="imfile"
      File="/path/to/file2"
      Tag="tag2")

# ... and so on ... #

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 user2066657
Solution 2 he shouyong

Related Questions