how to send log file using rsyslog

Ashish

11/4/22, 5:43 PM

I am using Centos 7.6 and have configured rsyslog server and able to send logs(syslog) from client to server, but I need to transfer the file /var/log/wtmp to rsyslog server and I have tried below configuration configuration but not working at all.

[server]

$template RemoteLogs,"/var/log/clients/%HOSTNAME%/%$NOW%.log"
*.* ?RemoteLogs
& ~

I have tried the below configuration but it is not transferring the file, Please help what is missing

[client]

module(load="imfile" PollingInterval="10") #needs to be done just once

# File 1
input(type="imfile"
      File="/var/log/wtmp"
      Tag="file:wtmp"
#      StateFile="statefile1"
      Severity="info")

Not working

250

0 + 7

linux

centos

rsyslog

centos7

Michael Hampton

11/4/22, 5:45 PM

wtmp is not a syslog file.

Louis Papaloizou

11/4/22, 6:54 PM

wtmp seems to be a dump file rather than a log file. Consider using rsync to send it over. Setting up rsyncd on the remote server is very easy too if you don't want to use SSH.

Ashish

11/5/22, 1:05 AM

@MichaelHampton would not it possible to send the wtmp file using rsyslog? rsysnc i will surely consider but is it possible to send via rsyslog?

Michael Hampton

11/5/22, 1:14 AM

It's a binary file, not a text file. So that is not something that rsyslog can do.

Ashish

11/5/22, 10:07 AM

I have tried to configure /var/log/secure to send it via rsyslog and restart the service and getting an error

Ashish

11/5/22, 10:08 AM

Jul 5 21:05:42 node1 rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 103: invalid character '0' in object definition - is there an invalid escape sequence somewhere? [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ] Jul 5 21:05:42 node1 rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 103: syntax error on token ')' [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ] Jul 5 21:05:42 node1 rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [v8.24.0-38.el7 try http://www.rsyslog.com/e/2207 ]

Ashish

11/5/22, 10:10 AM

input(type="imfile" File="/var/log/secure" Tag="secure:" StateFile="imfile-secure.state" Severity="notice" Facility="local2" reopenOnTruncate="on" PersistStateInterval=4000) local2.notice @@192.168.1.34:514

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: how to send log file using rsyslog

TH: วิธีส่งไฟล์บันทึกโดยใช้ rsyslog

RO: cum se trimite fișierul jurnal folosind rsyslog

RU: как отправить файл журнала с помощью rsyslog

VI: cách gửi tệp nhật ký bằng rsyslog

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.