Rsyslog and RELP

From MyWiki

Revision as of 11:04, 15 October 2014 (view source) Admin (Talk | contribs) (Created page with 'We need to configure Syslog to send messages out to Logstash through Redis in RELP format on Ubuntu 12.04 server. <pre> root@server:~# apt-get update root@server:~# apt-get ins…') ← Older edit		Current revision as of 15:40, 15 October 2014 (view source) Admin (Talk | contribs) (Turn off repeated message reduction added)
(2 intermediate revisions not shown)
Line 44:		Line 44:
	<pre>		<pre>
	action(type="omrelp" target="redis-server-name" port="2514")		action(type="omrelp" target="redis-server-name" port="2514")
		+	</pre>
		+
		+	Add RELP configuration to <tt>/etc/rsyslog.conf</tt> file (add the below lines into Modules section):
		+
		+	<pre>
		+	#RELP Output
		+	module(load="omrelp")
		+	</pre>
		+
		+	Turn off repeated message reduction, so you have every message instead of those pesky "message repeated N times" lines.
		+
		+	<pre>
		+	# Filter duplicated messages
		+	$RepeatedMsgReduction off
	</pre>		</pre>

---

Current revision as of 15:40, 15 October 2014

We need to configure Syslog to send messages out to Logstash through Redis in RELP format on Ubuntu 12.04 server.

root@server:~# apt-get update

root@server:~# apt-get install python-software-properties

root@server:~# add-apt-repository ppa:adiscon/v8-stable
You are about to add the following PPA to your system:
 Contains the latest RSyslog V8-Stable packages and dependencies.
 More info: https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmpLRDNaP/secring.gpg' created
gpg: keyring `/tmp/tmpLRDNaP/pubring.gpg' created
gpg: requesting key 5234BF2B from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpLRDNaP/trustdb.gpg: trustdb created
gpg: key 5234BF2B: public key "Launchpad PPA for Adiscon" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK

Another apt-get update

root@server:~# apt-get update

Install RELP library and rsyslog

root@server:~# apt-get install librelp0 rsyslog rsyslog-relp

Create configuration file to send messages to Redis in RELP format

root@server:~# vi /etc/rsyslog.d/sendsyslog2logstash.conf

Add this line into the file, save and exit.

action(type="omrelp" target="redis-server-name" port="2514")

Add RELP configuration to /etc/rsyslog.conf file (add the below lines into Modules section):

#RELP Output
module(load="omrelp")

Turn off repeated message reduction, so you have every message instead of those pesky "message repeated N times" lines.

# Filter duplicated messages
$RepeatedMsgReduction off

Restart Syslog

root@server:~# service rsyslog restart