How to disable remote emergency events flooding the consoles on an rsyslog reciever?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default
*.emerg :omusrmsg:*
For any local emerg events?
In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.
The master server is RHEL 7.4 x86_64
rsyslog version: 8.24.0
server side configuration (snipped):
/etc/rsyslog.conf:
$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.emerg :omusrmsg:*
$OmitLocalLogging on
/etc/rsyslog.d/listen.conf:
$systemLogSocketName /run/systemd/journal/syslog
rhel remote rsyslog
asked Dec 13 '17 at 16:16
Dani_l
2,997928
add a comment |Â
up vote
0
down vote
favorite
In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default
*.emerg :omusrmsg:*
For any local emerg events?
In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.
The master server is RHEL 7.4 x86_64
rsyslog version: 8.24.0
server side configuration (snipped):
/etc/rsyslog.conf:
$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.emerg :omusrmsg:*
$OmitLocalLogging on
/etc/rsyslog.d/listen.conf:
$systemLogSocketName /run/systemd/journal/syslog
rhel remote rsyslog
asked Dec 13 '17 at 16:16
Dani_l
2,997928
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default
*.emerg :omusrmsg:*
For any local emerg events?
In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.
The master server is RHEL 7.4 x86_64
rsyslog version: 8.24.0
server side configuration (snipped):
/etc/rsyslog.conf:
$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.emerg :omusrmsg:*
$OmitLocalLogging on
/etc/rsyslog.d/listen.conf:
$systemLogSocketName /run/systemd/journal/syslog
rhel remote rsyslog
asked Dec 13 '17 at 16:16
Dani_l
2,997928
In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default
*.emerg :omusrmsg:*
For any local emerg events?
In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.
The master server is RHEL 7.4 x86_64
rsyslog version: 8.24.0
server side configuration (snipped):
/etc/rsyslog.conf:
$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.emerg :omusrmsg:*
$OmitLocalLogging on
/etc/rsyslog.d/listen.conf:
$systemLogSocketName /run/systemd/journal/syslog
rhel remote rsyslog
asked Dec 13 '17 at 16:16
Dani_l
2,997928
edited Dec 13 '17 at 16:34
asked Dec 13 '17 at 16:16
Dani_l
2,997928
asked Dec 13 '17 at 16:16
Dani_l
2,997928
asked Dec 13 '17 at 16:16
Dani_l
2,997928
2,997928
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Created a new /etc/rsyslog.d/remote-emerg.conf file:
$template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
*.emerg /var/log/remote/PANIC;myFormat0
stop
Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.
To test run both localy and on a remote host:
logger -p daemon.emerg "TEST from $HOSTNAME"
local run prints to cosole, remote is only logged to the file PANIC
answered Dec 13 '17 at 19:09
Dani_l
2,997928
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Created a new /etc/rsyslog.d/remote-emerg.conf file:
$template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
*.emerg /var/log/remote/PANIC;myFormat0
stop
Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.
To test run both localy and on a remote host:
logger -p daemon.emerg "TEST from $HOSTNAME"
local run prints to cosole, remote is only logged to the file PANIC
answered Dec 13 '17 at 19:09
Dani_l
2,997928
add a comment |Â
up vote
0
down vote
accepted
Created a new /etc/rsyslog.d/remote-emerg.conf file:
$template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
*.emerg /var/log/remote/PANIC;myFormat0
stop
Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.
To test run both localy and on a remote host:
logger -p daemon.emerg "TEST from $HOSTNAME"
local run prints to cosole, remote is only logged to the file PANIC
answered Dec 13 '17 at 19:09
Dani_l
2,997928
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Created a new /etc/rsyslog.d/remote-emerg.conf file:
$template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
*.emerg /var/log/remote/PANIC;myFormat0
stop
Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.
To test run both localy and on a remote host:
logger -p daemon.emerg "TEST from $HOSTNAME"
local run prints to cosole, remote is only logged to the file PANIC
answered Dec 13 '17 at 19:09
Dani_l
2,997928
Created a new /etc/rsyslog.d/remote-emerg.conf file:
$template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
*.emerg /var/log/remote/PANIC;myFormat0
stop
Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.
To test run both localy and on a remote host:
logger -p daemon.emerg "TEST from $HOSTNAME"
local run prints to cosole, remote is only logged to the file PANIC
answered Dec 13 '17 at 19:09
Dani_l
2,997928
answered Dec 13 '17 at 19:09
Dani_l
2,997928
answered Dec 13 '17 at 19:09
Dani_l
2,997928
answered Dec 13 '17 at 19:09
Dani_l
2,997928
2,997928
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410684%2fhow-to-disable-remote-emergency-events-flooding-the-consoles-on-an-rsyslog-recie%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
