Configure an a rsyslog server running the RHEL or CentOS operating system to accept incoming syslog messages from Swarm.
See the rsyslog man page or the rsyslog documentation.
To configure the syslog server:
Log in as a user with root privileges.
Execute the following command:
Code Block language bash vim /etc/rsyslog.conf
In the rsyslog.conf file, comment out the following lines to accept inbound UDP connections on port 514:
Code Block language bash $ModLoad imudp.so $UDPServerRun 514
Edit the file so the timestamp and IP address of incoming syslog messages appear.
Locate the following text:
Code Block language bash #### GLOBAL DIRECTIVES #### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Change this text to the following:
Code Block language bash #### GLOBAL DIRECTIVES #### $template myFormat,"%fromhost-ip% %rawmsg%\n" $ActionFileDefaultTemplate myFormat
...
Create a log file for each Swarm product by configuring a log file per logging facility:
Code Block language bash local5.* /var/log/caringo/cr.log local6.* /var/log/caringo/castor.log
...
Info |
---|
OptionalThis step is optional. |
Create a log file based on any desired string in the log message using the :msg parameter.
For example, to create a log file that only includes messages with the word "Trims", use this format:Code Block language bash :msg,contains,"Trims" /var/log/caringo/trims.log
The result matches the following messages:
Code Block language bash 2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:51,602 HP DEBUG: Trims decidable locally / trims needed: 0/0 2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:52,484 HP DEBUG: Trims decidable locally / trims needed: 0/0
Info |
---|
OptionalThis step is optional. |
Check iptables and Security-Enhanced Linux (SELinux) to verify inbound port 514 is not blocked.
Restart the rsyslog process:
Code Block language bash service rsyslog restart