rsyslog network listening

* listen to current test vlans
 * listen on future prod vlans

 * Templates for general reception
 * collect all hostapd (assoc) in single file
This commit is contained in:
Vladimir Vitkov 2015-10-24 16:17:36 +03:00
parent 23469505da
commit b8d4660ab3
1 changed files with 45 additions and 1 deletions

View File

@ -14,9 +14,26 @@ $ModLoad imklog # provides kernel logging support
# provides UDP syslog reception # provides UDP syslog reception
$ModLoad imudp $ModLoad imudp
# Listen only on management # MGMT
$UDPServerAddress 10.200.0.1 $UDPServerAddress 10.200.0.1
$UDPServerRun 514 $UDPServerRun 514
# overflow
$UDPServerAddress 10.203.0.1
$UDPServerRun 514
# video
$UDPServerAddress 10.204.0.1
$UDPServerRun 514
# prod
# MGMT
$UDPServerAddress 10.100.0.1
$UDPServerRun 514
# overflow
$UDPServerAddress 10.103.0.1
$UDPServerRun 514
# video
$UDPServerAddress 10.104.0.1
$UDPServerRun 514
########################### ###########################
#### GLOBAL DIRECTIVES #### #### GLOBAL DIRECTIVES ####
@ -42,6 +59,33 @@ $Umask 0022
# #
$WorkDirectory /var/spool/rsyslog $WorkDirectory /var/spool/rsyslog
# now dump received logs
# will be finicky to look but good for later analisys
$template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log"
# template for hostapd (associations)
$template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log"
# current testing vlans
if $fromhost-ip startswith '10.200.' then ?RemoteLoggers
if $fromhost-ip startswith '10.203.' then ?RemoteLoggers
if $fromhost-ip startswith '10.204.' then ?RemoteLoggers
# prod vlans
if $fromhost-ip startswith '10.100.' then ?RemoteLoggers
if $fromhost-ip startswith '10.103.' then ?RemoteLoggers
if $fromhost-ip startswith '10.104.' then ?RemoteLoggers
# current testing vlans (hostapd)
if $programname == 'hostapd' and $fromhost-ip startswith '10.200.' then ?RemoteHostapd
if $programname == 'hostapd' and $fromhost-ip startswith '10.203.' then ?RemoteHostapd
if $programname == 'hostapd' and $fromhost-ip startswith '10.204.' then ?RemoteHostapd
# prod lans (hostapd)
if $programname == 'hostapd' and $fromhost-ip startswith '10.100.' then ?RemoteHostapd
if $programname == 'hostapd' and $fromhost-ip startswith '10.103.' then ?RemoteHostapd
if $programname == 'hostapd' and $fromhost-ip startswith '10.104.' then ?RemoteHostapd
# #
# Include all config files in /etc/rsyslog.d/ # Include all config files in /etc/rsyslog.d/
# #