Rsyslog and RELP
(Difference between revisions)
m (Protected "Rsyslog and RELP" ([edit=sysop] (indefinite) [move=sysop] (indefinite))) |
(Turn off repeated message reduction added) |
(One intermediate revision not shown) | |||
Line 44: | Line 44: | ||
<pre> | <pre> | ||
action(type="omrelp" target="redis-server-name" port="2514") | action(type="omrelp" target="redis-server-name" port="2514") | ||
+ | </pre> | ||
+ | |||
+ | Add RELP configuration to <tt>/etc/rsyslog.conf</tt> file (add the below lines into Modules section): | ||
+ | |||
+ | <pre> | ||
+ | #RELP Output | ||
+ | module(load="omrelp") | ||
+ | </pre> | ||
+ | |||
+ | Turn off repeated message reduction, so you have every message instead of those pesky "message repeated N times" lines. | ||
+ | |||
+ | <pre> | ||
+ | # Filter duplicated messages | ||
+ | $RepeatedMsgReduction off | ||
</pre> | </pre> | ||
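Review bot: the comment "# Filter duplicated messages" in the last added block says the opposite of what the directive under it does; "$RepeatedMsgReduction off" stops rsyslog from collapsing repeats, as the added sentence above it explains. Suggest rewording the comment to something like "# Keep every message: turn repeated message reduction off". Separately, the added step that loads the module with module(load="omrelp") lands after the existing action(type="omrelp" ...) step; consider placing the module step first so readers set up the module before the action that depends on it.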
Current revision as of 15:40, 15 October 2014
We need to configure rsyslog on an Ubuntu 12.04 server to send messages out to Logstash through Redis in RELP format.
<pre>
root@server:~# apt-get update
root@server:~# apt-get install python-software-properties
root@server:~# add-apt-repository ppa:adiscon/v8-stable
You are about to add the following PPA to your system:
 Contains the latest RSyslog V8-Stable packages and dependencies.
 More info: https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmpLRDNaP/secring.gpg' created
gpg: keyring `/tmp/tmpLRDNaP/pubring.gpg' created
gpg: requesting key 5234BF2B from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpLRDNaP/trustdb.gpg: trustdb created
gpg: key 5234BF2B: public key "Launchpad PPA for Adiscon" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
OK
</pre>
Run apt-get update again so that the package lists from the newly added PPA are loaded:

<pre>
root@server:~# apt-get update
</pre>

Install the RELP library and rsyslog:

<pre>
root@server:~# apt-get install librelp0 rsyslog rsyslog-relp
</pre>

Create a configuration file to send messages to Redis in RELP format:

<pre>
root@server:~# vi /etc/rsyslog.d/sendsyslog2logstash.conf
</pre>

Add this line to the file, then save and exit:

<pre>
action(type="omrelp" target="redis-server-name" port="2514")
</pre>
Add the RELP configuration to the /etc/rsyslog.conf file (add the lines below to the Modules section):

<pre>
#RELP Output
module(load="omrelp")
</pre>

Turn off repeated message reduction, so you have every message instead of those pesky "message repeated N times" lines.

<pre>
# Keep every message: turn repeated message reduction off
$RepeatedMsgReduction off
</pre>
Restart rsyslog:

<pre>
root@server:~# service rsyslog restart
</pre>
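
The following is an added example, not part of the original wiki page: a static check that the three settings from the steps above are actually active, including the case where a directive ends up on the same line as its comment and is therefore ignored. The function names effective_lines and check_relp_config are hypothetical; the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example (not from the original page): static check of the settings above.

# Print the lines rsyslog would act on: leading whitespace stripped, comment
# and blank lines dropped. Unreadable files contribute nothing.
effective_lines() {
    cat "$@" 2>/dev/null | sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# check_relp_config [MAIN_CONF] [ACTION_CONF]
# Returns 0 when all three settings are active, 1 otherwise.
check_relp_config() {
    main_conf=${1:-/etc/rsyslog.conf}
    action_conf=${2:-/etc/rsyslog.d/sendsyslog2logstash.conf}
    rc=0

    if effective_lines "$main_conf" | grep -Eq '^module\(.*load="omrelp"'; then
        echo "ok:   omrelp module is loaded in $main_conf"
    else
        echo "FAIL: no active module(load=\"omrelp\") line in $main_conf"
        rc=1
    fi

    if effective_lines "$action_conf" | grep -Eq '^action\(.*type="omrelp"'; then
        echo "ok:   omrelp action is defined in $action_conf"
    else
        echo "FAIL: no active omrelp action in $action_conf"
        rc=1
    fi

    # Assumption: the last $RepeatedMsgReduction line found is treated as the
    # effective one (a simplification of rsyslog's own processing order).
    last=$(effective_lines "$main_conf" "$action_conf" |
           grep -Ei '^\$RepeatedMsgReduction[[:space:]]' | tail -n 1)
    case $(printf '%s' "$last" | tr 'A-Z' 'a-z' | tr -s '[:space:]' ' ') in
        '$repeatedmsgreduction off'*) echo "ok:   repeated message reduction is off" ;;
        *) echo "FAIL: repeated message reduction is not switched off"; rc=1 ;;
    esac

    return $rc
}
```

Source the file and call check_relp_config with no arguments on the server before restarting; rsyslog's own syntax check, rsyslogd -N1, complements it.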