From b8d4660ab31fe9a206f415c807c32573fb2eebe7 Mon Sep 17 00:00:00 2001 From: Vladimir Vitkov Date: Sat, 24 Oct 2015 16:17:36 +0300 Subject: [PATCH] rsyslog network listening * listen to current test vlans * listen on future prod vlans * Templates for general reception * collect all hostapd (assoc) in single file --- monitoring/syslog/rsyslog.conf | 46 +++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/monitoring/syslog/rsyslog.conf b/monitoring/syslog/rsyslog.conf index f8eefbb..4d9c644 100644 --- a/monitoring/syslog/rsyslog.conf +++ b/monitoring/syslog/rsyslog.conf @@ -14,9 +14,26 @@ $ModLoad imklog # provides kernel logging support # provides UDP syslog reception $ModLoad imudp -# Listen only on management +# MGMT $UDPServerAddress 10.200.0.1 $UDPServerRun 514 +# overflow +$UDPServerAddress 10.203.0.1 +$UDPServerRun 514 +# video +$UDPServerAddress 10.204.0.1 +$UDPServerRun 514 + +# prod +# MGMT +$UDPServerAddress 10.100.0.1 +$UDPServerRun 514 +# overflow +$UDPServerAddress 10.103.0.1 +$UDPServerRun 514 +# video +$UDPServerAddress 10.104.0.1 +$UDPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### @@ -42,6 +59,33 @@ $Umask 0022 # $WorkDirectory /var/spool/rsyslog +# now dump received logs +# will be finicky to look but good for later analisys +$template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log" + +# template for hostapd (associations) +$template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log" + +# current testing vlans +if $fromhost-ip startswith '10.200.' then ?RemoteLoggers +if $fromhost-ip startswith '10.203.' then ?RemoteLoggers +if $fromhost-ip startswith '10.204.' then ?RemoteLoggers + +# prod vlans +if $fromhost-ip startswith '10.100.' then ?RemoteLoggers +if $fromhost-ip startswith '10.103.' then ?RemoteLoggers +if $fromhost-ip startswith '10.104.' then ?RemoteLoggers + +# current testing vlans (hostapd) +if $programname == 'hostapd' and $fromhost-ip startswith '10.200.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.203.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.204.' then ?RemoteHostapd + +# prod lans (hostapd) +if $programname == 'hostapd' and $fromhost-ip startswith '10.100.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.103.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.104.' then ?RemoteHostapd + # # Include all config files in /etc/rsyslog.d/ #