Enhancement-ID: 109156

Description: Add ability to send analytics host syslog traffic to an external node.

Fix-Release: 22.1.4

 

Workaround until the fix release:

 

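  1. Open /etc/rsyslog.conf
  2. Append the following line to the end of the file and save it, replacing <FQDN/IP> and <Port> with the address and port of the external syslog receiver. A single @ forwards over UDP (@@ selects TCP), so the messages, including the auth and authpriv facilities, cross the network unencrypted and unauthenticated; the path to the receiver should therefore be a trusted network segment. rsyslog reads its configuration at startup, so restart the rsyslog service for the rule to take effect.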

 

auth,authpriv,cron,daemon,ftp,kern,lpr,news,security,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7.*                         @<FQDN/IP>:<Port>

 

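Sample config (the forwarding rule is the last line of the file), followed by a tcpdump capture on port 514 confirming that the messages leave the node. When verifying, check that the destination address in the capture (142.250.188.14 in this sample) is the address the configured FQDN is expected to resolve to: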

 

[versa@van-analytics-node: ~] $ cat /etc/rsyslog.conf

#  /etc/rsyslog.conf    Configuration file for rsyslog.

#

#                       For more information see

#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

#

#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

 

 

#################

#### MODULES ####

#################

 

module(load="imuxsock") # provides support for local system logging

#module(load="immark")  # provides --MARK-- message capability

 

# provides UDP syslog reception

#module(load="imudp")

#input(type="imudp" port="514")

 

# provides TCP syslog reception

#module(load="imtcp")

#input(type="imtcp" port="514")

 

# provides kernel logging support and enable non-kernel klog messages

module(load="imklog" permitnonkernelfacility="on")

 

###########################

#### GLOBAL DIRECTIVES ####

###########################

 

#

# Use traditional timestamp format.

# To enable high precision timestamps, comment out the following line.

#

$template VersaCustom,"%$NOW% %timegenerated:8:15% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"

$ActionFileDefaultTemplate VersaCustom

 

# Filter duplicated messages

$RepeatedMsgReduction on

 

#

# Set the default permissions for all log files.

#

$FileOwner syslog

$FileGroup adm

$FileCreateMode 0640

$DirCreateMode 0755

$Umask 0022

$PrivDropToUser syslog

$PrivDropToGroup syslog

 

#

# Where to place spool and state files

#

$WorkDirectory /var/spool/rsyslog

 

#

# Include all config files in /etc/rsyslog.d/

#

$IncludeConfig /etc/rsyslog.d/*.conf

auth,authpriv,cron,daemon,ftp,kern,lpr,news,security,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7.*                         @versa.syslog-internal-Test.com:514

 

 

[versa@van-analytics-node: ~] $ sudo tcpdump -nli any port 514

[sudo] password for versa:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

 

 

10:35:01.285970 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG authpriv.info, length: 114

10:35:01.557623 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG authpriv.info, length: 114

10:35:01.557657 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG cron.info, length: 115

10:35:01.557666 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG cron.info, length: 254

10:35:01.557675 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG authpriv.info, length: 103

10:35:01.557683 IP 10.48.28.175.40225 > 142.250.188.14.514: SYSLOG authpriv.info, length: 103