rsyslog network listening
* listen to current test vlans * listen on future prod vlans * Templates for general reception * collect all hostapd (assoc) in single file
This commit is contained in:
Vladimir Vitkov
parent
23469505da
commit
b8d4660ab3
|
|
@ -14,9 +14,26 @@ $ModLoad imklog # provides kernel logging support
|
||||||
|
|
||||||
# provides UDP syslog reception
|
# provides UDP syslog reception
|
||||||
$ModLoad imudp
|
$ModLoad imudp
|
||||||
# Listen only on management
|
# MGMT
|
||||||
$UDPServerAddress 10.200.0.1
|
$UDPServerAddress 10.200.0.1
|
||||||
$UDPServerRun 514
|
$UDPServerRun 514
|
||||||
|
# overflow
|
||||||
|
$UDPServerAddress 10.203.0.1
|
||||||
|
$UDPServerRun 514
|
||||||
|
# video
|
||||||
|
$UDPServerAddress 10.204.0.1
|
||||||
|
$UDPServerRun 514
|
||||||
|
|
||||||
|
# prod
|
||||||
|
# MGMT
|
||||||
|
$UDPServerAddress 10.100.0.1
|
||||||
|
$UDPServerRun 514
|
||||||
|
# overflow
|
||||||
|
$UDPServerAddress 10.103.0.1
|
||||||
|
$UDPServerRun 514
|
||||||
|
# video
|
||||||
|
$UDPServerAddress 10.104.0.1
|
||||||
|
$UDPServerRun 514
|
||||||
|
|
||||||
###########################
|
###########################
|
||||||
#### GLOBAL DIRECTIVES ####
|
#### GLOBAL DIRECTIVES ####
|
||||||
|
|
@ -42,6 +59,33 @@ $Umask 0022
|
||||||
#
|
#
|
||||||
$WorkDirectory /var/spool/rsyslog
|
$WorkDirectory /var/spool/rsyslog
|
||||||
|
|
||||||
|
# now dump received logs
|
||||||
|
# will be finicky to look but good for later analisys
|
||||||
|
$template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log"
|
||||||
|
|
||||||
|
# template for hostapd (associations)
|
||||||
|
$template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log"
|
||||||
|
|
||||||
|
# current testing vlans
|
||||||
|
if $fromhost-ip startswith '10.200.' then ?RemoteLoggers
|
||||||
|
if $fromhost-ip startswith '10.203.' then ?RemoteLoggers
|
||||||
|
if $fromhost-ip startswith '10.204.' then ?RemoteLoggers
|
||||||
|
|
||||||
|
# prod vlans
|
||||||
|
if $fromhost-ip startswith '10.100.' then ?RemoteLoggers
|
||||||
|
if $fromhost-ip startswith '10.103.' then ?RemoteLoggers
|
||||||
|
if $fromhost-ip startswith '10.104.' then ?RemoteLoggers
|
||||||
|
|
||||||
|
# current testing vlans (hostapd)
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.200.' then ?RemoteHostapd
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.203.' then ?RemoteHostapd
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.204.' then ?RemoteHostapd
|
||||||
|
|
||||||
|
# prod lans (hostapd)
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.100.' then ?RemoteHostapd
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.103.' then ?RemoteHostapd
|
||||||
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.104.' then ?RemoteHostapd
|
||||||
|
|
||||||
#
|
#
|
||||||
# Include all config files in /etc/rsyslog.d/
|
# Include all config files in /etc/rsyslog.d/
|
||||||
#
|
#
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue