I am using CentOS 7.6 and have configured an rsyslog server and am able to send logs (syslog) from client to server, but I need to transfer the file /var/log/wtmp to the rsyslog server. I have tried the configuration below, but it is not working at all.

[server]

$template RemoteLogs,"/var/log/clients/%HOSTNAME%/%$NOW%.log"
*.* ?RemoteLogs
& ~

I have tried the below configuration but it is not transferring the file. Please help: what is missing?

[client]

module(load="imfile" PollingInterval="10") #needs to be done just once

# File 1
input(type="imfile"
      File="/var/log/wtmp"
      Tag="file:wtmp"
#      StateFile="statefile1"
      Severity="info")

Not working

Ashish
  • wtmp is not a syslog file. – Michael Hampton Jul 04 '21 at 17:45
  • wtmp seems to be a dump file rather than a log file. Consider using rsync to send it over. Setting up rsyncd on the remote server is very easy too if you don't want to use SSH. – Louis Papaloizou Jul 04 '21 at 18:54
  • @MichaelHampton would it not be possible to send the wtmp file using rsyslog? I will surely consider rsync, but is it possible to send via rsyslog? – Ashish Jul 05 '21 at 01:05
  • It's a binary file, not a text file. So that is not something that rsyslog can do. – Michael Hampton Jul 05 '21 at 01:14
  • I have tried to configure /var/log/secure to send it via rsyslog and restarted the service, and I am getting an error – Ashish Jul 05 '21 at 10:07
  • Jul 5 21:05:42 node1 rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 103: invalid character '0' in object definition - is there an invalid escape sequence somewhere? [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ] Jul 5 21:05:42 node1 rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 103: syntax error on token ')' [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ] Jul 5 21:05:42 node1 rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ] – Ashish Jul 05 '21 at 10:08
  • input(type="imfile" File="/var/log/secure" Tag="secure:" StateFile="imfile-secure.state" Severity="notice" Facility="local2" reopenOnTruncate="on" PersistStateInterval=4000) local2.notice @@192.168.1.34:514 – Ashish Jul 05 '21 at 10:10

0 Answers
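As the comments point out, wtmp holds fixed-size binary records, which a line-oriented imfile input cannot read. The following is an added example, not code from this thread: it decodes wtmp records into one text line each, so the resulting text file is something a log shipper can follow. The record layout (glibc `struct utmp` on Linux x86_64, 384 bytes), the `key=value` output format and the sample record are assumptions made for the example.

```python
import struct
import sys
from datetime import datetime, timezone

# Assumed layout: struct utmp as glibc defines it on Linux x86_64 (384 bytes).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 6: "LOGIN_PROCESS",
         7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def clean(raw):
    """Decode a NUL-padded field; mask spaces and control characters so a
    hostile ut_host value cannot inject extra log lines or fields."""
    s = raw.split(b"\0", 1)[0].decode("utf-8", "replace")
    return "".join(c if c.isprintable() and c != " " else "_" for c in s) or "-"

def parse_wtmp(data):
    """Return one key=value text line per complete record in data."""
    usable = len(data) - len(data) % UTMP.size  # ignore a partly written tail
    lines = []
    for rec in UTMP.iter_unpack(data[:usable]):
        ut_type, pid, line, _id, user, host, _t, _e, _sess, sec, _usec, _addr = rec
        when = datetime.fromtimestamp(sec, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append("wtmp type=%s pid=%d line=%s user=%s host=%s time=%s" % (
            TYPES.get(ut_type, str(ut_type)), pid, clean(line), clean(user),
            clean(host), when))
    return lines

# Constructed sample: one login record, built in memory rather than read from disk.
SAMPLE = UTMP.pack(7, 1234, b"pts/0", b"ts/0", b"ashish", b"192.168.1.50",
                   0, 0, 0, 1625479620, 0, b"\0" * 16)

if __name__ == "__main__":
    # With a path argument the file is decoded; without one, the sample is.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(parse_wtmp(data)))
```

Run with `/var/log/wtmp` as the argument and redirect the output to a text file; that file, not wtmp itself, is what an imfile input can be pointed at.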