-1

I have configured rsyslogd Log Server With Elasticsearch and Kibana. I am able to forward the /var/log/messages from the client Linux servers (CentOS 7, RHEL 6) to the central Linux Log server (CentOS 7).

However, I have a custom log file (e.g. /var/log/usercommands) on all client servers, which needs to be forwarded to the central log server. This log file records all commands executed by all users on the respective client server via the command line. I have added the rule below to forward the logs from the clients to the server. But with this rule, my custom log file (/var/log/usercommands) is not getting forwarded to the central log server.

 *.* @@remotehost:514

Any help on what configuration needs to be added to rsyslogd.conf on the clients to forward this custom log file to the central log server as well?

Gerald Schneider
Arun Krishnan
  • Why did I get a -1 on this question? :( – Arun Krishnan Aug 13 '17 at 08:15
  • Just guessing here, but maybe because you didn't give specific details about your configuration and what you've tried. – gxx Aug 13 '17 at 10:10
  • Your question makes no sense. You say you were able to forward the logs to a server, and then you say your issue is that you have some custom logs on all client servers. ?? What rules did you write, where and how? To achieve what? – sgohl Aug 13 '17 at 19:53
  • I mentioned "I am able to forward the system and cron logs", but I have some custom logs which don't reach the log server, and I also need them in the respective host folder. I am tracking all commands executed on the server in a separate log file called usercommands.log under /var/log. These logs are not getting forwarded to the central log server. I need them to be placed in the respective folders for each host, as separate files with the tag "usercommands_log", on the central log server. – Arun Krishnan Aug 15 '17 at 03:57

1 Answer

0

Considering the fact that you have mixed platforms that log in different formats, I would suggest filebeat + logstash.

Install filebeat on each server and manipulate the log with logstash.

The file output will let you create directories under whatever path you want.

Yu Watanabe
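A minimal Logstash pipeline for the approach suggested in this answer, added here as an illustration and not part of the original answer. The port 5044, the /var/log/remote base directory and the event field names are assumptions that depend on the Filebeat version in use; the usercommands_log tag is the one the asker mentions in the comments.

```conf
# Added example, runs on the central log server.
# Assumes Filebeat on each client tails /var/log/usercommands and ships
# its events to this host.
input {
  beats {
    port => 5044   # assumed port; must match output.logstash in filebeat.yml
  }
}

filter {
  # Tag only events that came from the command log.
  # Filebeat 7+ stores the file path in [log][file][path];
  # older releases use [source] instead.
  if [log][file][path] == "/var/log/usercommands" {
    mutate { add_tag => ["usercommands_log"] }
  }
}

output {
  if "usercommands_log" in [tags] {
    file {
      # One directory per sending host; the file output creates missing
      # directories on first write.
      # [host][name] is set by Filebeat 6.3+; older versions use
      # [beat][hostname].
      path => "/var/log/remote/%{[host][name]}/usercommands.log"
      # Write the original log line only, without the JSON envelope.
      codec => line { format => "%{message}" }
    }
  }
}
```

If the host field is missing from an event, the literal `%{[host][name]}` ends up in the path, so check the field name against one real event before relying on the directory layout.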