Configure an rsyslog server running the RHEL or CentOS operating system to accept incoming syslog messages from Swarm.
See the rsyslog man page or the rsyslog documentation.
To configure the syslog server:
Log in as a user with root privileges.
Execute the following command:
vim /etc/rsyslog.conf
In the rsyslog.conf file, comment out the following lines to accept inbound UDP connections on port 514:
$ModLoad imudp.so $UDPServerRun 514
Edit the file so the timestamp and IP address of incoming syslog messages appear.
Locate the following text:
#### GLOBAL DIRECTIVES #### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
Change this text to the following:
#### GLOBAL DIRECTIVES #### $template myFormat,"%fromhost-ip% %rawmsg%\n" $ActionFileDefaultTemplate myFormat
(Optional) Create a log file for each Swarm product by configuring a log file per logging facility:
local5.* /var/log/caringo/cr.log local6.* /var/log/caringo/castor.log
(Optional) Create a log file based on any desired string in the log message using the :msg parameter.
For example, to create a log file that only includes messages with the word "Trims", use this format::msg,contains,"Trims" /var/log/caringo/trims.log
The result matches the following messages:
2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:51,602 HP DEBUG: Trims decidable locally / trims needed: 0/0 2016-02-11T17:06:10.359Z 10.1.1.153 [21] debug : 00:52,484 HP DEBUG: Trims decidable locally / trims needed: 0/0
Check iptables and Security-Enhanced Linux (SELinux) to verify inbound port 514 is not blocked.
Restart the rsyslog process:
service rsyslog restart