Inviare i log a Graylog tramite rsyslog

From RVM Wiki
Revision as of 15:44, 22 February 2024 by Gabriele.vivinetto (talk | contribs) (Created page with "* Installare rsyslog apt install rsyslog * Creare il seguent file di configurazione: vi /etc/rsyslog.d/graylog.conf <pre> *.* action( Action.resumeInterval="10" RebindInterval="10000" # cycling TCP connections allows for load balancing Queue.Size="100000" Queue.DiscardMark="97500" Queue.HighWaterMark="80000" Queue.Type="LinkedList" Queue.FileName="rsyslogqueue" Queue.CheckpointInterval="100" Queue.MaxDiskSpace="2g" Action.R...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  • Installare rsyslog
apt install rsyslog
  • Creare il seguent file di configurazione:
vi /etc/rsyslog.d/graylog.conf

*.*  action(
   Action.resumeInterval="10"
   RebindInterval="10000"            # cycling TCP connections allows for load balancing
   Queue.Size="100000"
   Queue.DiscardMark="97500"
   Queue.HighWaterMark="80000"
   Queue.Type="LinkedList"
   Queue.FileName="rsyslogqueue"
   Queue.CheckpointInterval="100"
   Queue.MaxDiskSpace="2g"
   Action.ResumeRetryCount="-1"
   Queue.SaveOnShutdown="on"
   Queue.TimeoutEnqueue="10"
   Queue.DiscardSeverity="0"
   type="omfwd"
   target="192.168.10.105"
   protocol="tcp"
   port="1514"
   template="RSYSLOG_SyslogProtocol23Format"
)
  • Riavviare rsyslog
systemctl restart rsyslog
Retrieved from "https://kb.rvmgroup.it/index.php?title=Inviare_i_log_a_Graylog_tramite_rsyslog&oldid=11108"