Page Comparison

Configure an a rsyslog server running the RHEL or CentOS operating system to accept incoming syslog messages from Swarm.

See the rsyslog man page or the rsyslog documentation.

To configure the syslog server:

1. Log in as a user with root privileges.

2. Execute the following command:

   Code Block
   language bash
   vim /etc/rsyslog.conf

3. In the rsyslog.conf file, comment out the following lines to accept inbound UDP connections on port 514:

   Code Block
   language bash
   $ModLoad imudp.so $UDPServerRun 514

4. Edit the file so the timestamp and IP address of incoming syslog messages appear.

5. Locate the following text:

   Code Block
   language bash
   #### GLOBAL DIRECTIVES #### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

6. Change this text to the following:

   Code Block
   language bash
   #### GLOBAL DIRECTIVES #### $template myFormat,"%fromhost-ip% %rawmsg%\n" $ActionFileDefaultTemplate myFormat

...

1. Create a log file for each Swarm product by configuring a log file per logging facility:

   Code Block
   language bash
   local5.* /var/log/caringo/cr.log local6.* /var/log/caringo/castor.log

...

8. Create a log file based on any desired string in the log message using the :msg parameter.
   For example, to create a log file that only includes messages with the word "Trims", use this format:

   Code Block
   language bash
   :msg,contains,"Trims" /var/log/caringo/trims.log

   The result matches the following messages:

   Code Block
   language bash
   2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:51,602 HP DEBUG: Trims decidable locally / trims needed: 0/0 2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:52,484 HP DEBUG: Trims decidable locally / trims needed: 0/0

9. Check iptables and Security-Enhanced Linux (SELinux) to verify inbound port 514 is not blocked.

10. Restart the rsyslog process: 

    Code Block
    language bash
    service rsyslog restart