...
Code Block |
---|
$template LinuxLogs,"%timegenerated%.%timegenerated:::date-subseconds% %HOSTNAME% %syslogtag%%msg%\n"
if $fromhost-ip != '127.0.0.1' \
and $syslogseverity <= '6' \
and $syslogfacility <= '15' \
then /usr/local/nmis8/logs/linux.log;LinuxLogs |
Optionally, handle only messages with the word LINUX in the tag
Code Block |
---|
if $fromhost-ip != '127.0.0.1' \
and $syslogtag contains 'LINUX' \
and $syslogseverity <= '6' \
and $syslogfacility <= '15' \
then /usr/local/nmis8/logs/linux.log;LinuxLogs |
Handling Different Times and Time Zones
...
Here we are using a Linux mnemonic, like the Cisco syslog mnemonic, so that we do not lose the original facility and severity when the message is forwarded.
Optionally send everything with the word LINUX in the tag
Code Block |
---|
$template LinuxMnemonic,"%timereported% %HOSTNAME% LINUX-%syslogfacility-text%-%syslogseverity%-%syslogtag%%msg%\n" |
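
A receiver-side sketch for the LinuxMnemonic template above, added here as an example and not part of the original page or of NMIS: it recovers the original facility and severity from the `LINUX-<facility>-<severity>-` prefix of a forwarded line. It assumes `%timereported%` renders in the default RFC 3164 form; the function names and sample lines are constructed.

```python
import re

# Layout produced by the LinuxMnemonic template:
#   <timereported> <HOSTNAME> LINUX-<facility-text>-<severity>-<syslogtag><msg>
# Facility names contain no hyphen and severity is one digit (0-7), so the
# first two hyphen-separated fields after "LINUX-" are unambiguous even when
# the tag itself contains hyphens (e.g. "systemd-logind[612]:").
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # assumed RFC 3164
    r"(?P<host>\S+) "
    r"LINUX-(?P<facility>[a-z0-9]+)-(?P<severity>[0-7])-"
    r"(?P<tag>\S+)(?P<msg>.*)$"
)


def parse_linux_mnemonic(line):
    """Return a dict of recovered fields, or None if the line has no mnemonic."""
    match = LINE_RE.match(line.rstrip("\r\n"))
    if match is None:
        return None
    record = match.groupdict()
    record["severity"] = int(record["severity"])
    record["msg"] = record["msg"].lstrip()
    return record


def split_by_mnemonic(lines):
    """Separate lines carrying the mnemonic from lines that do not."""
    parsed, unparsed = [], []
    for line in lines:
        record = parse_linux_mnemonic(line)
        if record is None:
            unparsed.append(line)
        else:
            parsed.append(record)
    return parsed, unparsed


# Constructed sample lines, as the master would receive them.
SAMPLE_LINES = [
    "Oct  3 14:22:07 web01 LINUX-authpriv-6-sshd[2211]: Accepted publickey for deploy",
    "Oct  3 14:22:09 web01 LINUX-auth-4-systemd-logind[612]: New session 12 of user deploy.",
    "Oct  3 14:22:10 web01 sshd[2211]: line sent without the mnemonic",
]

if __name__ == "__main__":
    recovered, skipped = split_by_mnemonic(SAMPLE_LINES)
    for rec in recovered:
        print(rec["host"], rec["facility"], rec["severity"], rec["tag"], rec["msg"])
    print("lines without mnemonic:", len(skipped))
```

Lines that return `None` did not pass through the template, so their facility and severity cannot be recovered from the message text.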
Example Topology
In the example above, all syslog messages received with a facility of local7 will be forwarded to the master server at 10.215.1.5. When a message is forwarded from the poller to the master, the poller will insert its own timestamp into the message.
...