Inviare i log a Graylog tramite rsyslog

From RVM Wiki
Jump to navigation Jump to search
  • Installare rsyslog
apt install rsyslog
  • Creare il seguent file di configurazione:
vi /etc/rsyslog.d/graylog.conf

*.*  action(
   Action.resumeInterval="10"
   RebindInterval="10000"            # cycling TCP connections allows for load balancing
   Queue.Size="100000"
   Queue.DiscardMark="97500"
   Queue.HighWaterMark="80000"
   Queue.Type="LinkedList"
   Queue.FileName="rsyslogqueue"
   Queue.CheckpointInterval="100"
   Queue.MaxDiskSpace="2g"
   Action.ResumeRetryCount="-1"
   Queue.SaveOnShutdown="on"
   Queue.TimeoutEnqueue="10"
   Queue.DiscardSeverity="0"
   type="omfwd"
   target="192.168.10.105"
   protocol="tcp"
   port="1514"
   template="RSYSLOG_SyslogProtocol23Format"
)
  • Riavviare rsyslog
systemctl restart rsyslog
Retrieved from "https://kb.rvmgroup.it/index.php?title=Inviare_i_log_a_Graylog_tramite_rsyslog&oldid=11108"