How to disable remote emergency events flooding the consoles on an rsyslog reciever?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default



*.emerg :omusrmsg:*


For any local emerg events?



In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.



The master server is RHEL 7.4 x86_64

rsyslog version: 8.24.0



server side configuration (snipped):

/etc/rsyslog.conf:



$ModLoad imuxsock
$ModLoad imjournal
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.emerg :omusrmsg:*
$OmitLocalLogging on


/etc/rsyslog.d/listen.conf:



$systemLogSocketName /run/systemd/journal/syslog






share|improve this question


























    up vote
    0
    down vote

    favorite












    In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default



    *.emerg :omusrmsg:*


    For any local emerg events?



    In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.



    The master server is RHEL 7.4 x86_64

    rsyslog version: 8.24.0



    server side configuration (snipped):

    /etc/rsyslog.conf:



    $ModLoad imuxsock
    $ModLoad imjournal
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    *.emerg :omusrmsg:*
    $OmitLocalLogging on


    /etc/rsyslog.d/listen.conf:



    $systemLogSocketName /run/systemd/journal/syslog






    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default



      *.emerg :omusrmsg:*


      For any local emerg events?



      In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.



      The master server is RHEL 7.4 x86_64

      rsyslog version: 8.24.0



      server side configuration (snipped):

      /etc/rsyslog.conf:



      $ModLoad imuxsock
      $ModLoad imjournal
      $ModLoad imudp
      $UDPServerRun 514
      $ModLoad imtcp
      $InputTCPServerRun 514
      *.emerg :omusrmsg:*
      $OmitLocalLogging on


      /etc/rsyslog.d/listen.conf:



      $systemLogSocketName /run/systemd/journal/syslog






      share|improve this question














      In a centralized logging facility, how do I prevent remote emergency messages from flooding users' consoles while still allowing the default



      *.emerg :omusrmsg:*


      For any local emerg events?



      In particular, I would like to log remote emerg messages to log files, and possibly send an email, but the remote machines shouldn't disrupt work on the master server.



      The master server is RHEL 7.4 x86_64

      rsyslog version: 8.24.0



      server side configuration (snipped):

      /etc/rsyslog.conf:



      $ModLoad imuxsock
      $ModLoad imjournal
      $ModLoad imudp
      $UDPServerRun 514
      $ModLoad imtcp
      $InputTCPServerRun 514
      *.emerg :omusrmsg:*
      $OmitLocalLogging on


      /etc/rsyslog.d/listen.conf:



      $systemLogSocketName /run/systemd/journal/syslog








      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 13 '17 at 16:34

























      asked Dec 13 '17 at 16:16









      Dani_l

      2,997928




      2,997928




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          Created a new /etc/rsyslog.d/remote-emerg.conf file:



          $template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
          if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
          *.emerg /var/log/remote/PANIC;myFormat0
          stop



          Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.



          To test run both localy and on a remote host:



          logger -p daemon.emerg "TEST from $HOSTNAME"


          local run prints to cosole, remote is only logged to the file PANIC






          share|improve this answer




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );








             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410684%2fhow-to-disable-remote-emergency-events-flooding-the-consoles-on-an-rsyslog-recie%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote



            accepted










            Created a new /etc/rsyslog.d/remote-emerg.conf file:



            $template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
            if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
            *.emerg /var/log/remote/PANIC;myFormat0
            stop



            Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.



            To test run both localy and on a remote host:



            logger -p daemon.emerg "TEST from $HOSTNAME"


            local run prints to cosole, remote is only logged to the file PANIC






            share|improve this answer
























              up vote
              0
              down vote



              accepted










              Created a new /etc/rsyslog.d/remote-emerg.conf file:



              $template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
              if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
              *.emerg /var/log/remote/PANIC;myFormat0
              stop



              Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.



              To test run both localy and on a remote host:



              logger -p daemon.emerg "TEST from $HOSTNAME"


              local run prints to cosole, remote is only logged to the file PANIC






              share|improve this answer






















                up vote
                0
                down vote



                accepted







                up vote
                0
                down vote



                accepted






                Created a new /etc/rsyslog.d/remote-emerg.conf file:



                $template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
                if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
                *.emerg /var/log/remote/PANIC;myFormat0
                stop



                Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.



                To test run both localy and on a remote host:



                logger -p daemon.emerg "TEST from $HOSTNAME"


                local run prints to cosole, remote is only logged to the file PANIC






                share|improve this answer












                Created a new /etc/rsyslog.d/remote-emerg.conf file:



                $template myFormat0,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg:::drop-last-lfn"
                if $fromhost-ip != '127.0.0.1' and $syslogseverity-text == 'emerg' then
                *.emerg /var/log/remote/PANIC;myFormat0
                stop



                Note: I tried using %HOSTNAME% instead of %FROMHOST-IP% but it alwayes printed localhost even when the remote hostname is configured correctly.



                To test run both localy and on a remote host:



                logger -p daemon.emerg "TEST from $HOSTNAME"


                local run prints to cosole, remote is only logged to the file PANIC







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 13 '17 at 19:09









                Dani_l

                2,997928




                2,997928






















                     

                    draft saved


                    draft discarded


























                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410684%2fhow-to-disable-remote-emergency-events-flooding-the-consoles-on-an-rsyslog-recie%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?