Contact Us

support@onapp.com

U.S: (+1) 888-876-8666

UK: +44 (0) 203-318-5364

Capturing Cloudboot HV logs

Follow

Comments

1 comment

  • Avatar
    Orest Pazdriy

    About separate local and remote logs:

    if $fromhost-ip startswith '10.0.0.' then /var/log/messages-hv.log

    It is important that the rules processing the remote messages come before any rules to process local messages. The if’s above check if a message originates on the network in question and, if so, writes them to the appropriate log.

    Also it's very useful to add “& ~” after this line.

    It tells rsyslog to stop processing the message after it was written to the log. As such, these messages will not reach the local part. Without that “& ~”, messages would also be written to the local files.

    Also note that in the filter there is a dot after the last number in the IP address. This is important to get reliable filters. For example, both of the addresses “192.0.1.1” and “192.0.10.1” start with “192.0.1” but only one actually starts with “192.0.1.”!

    So, add to /etc/rsyslog.conf the following:

    $ModLoad imudp
    $UDPServerRun 514
    if $fromhost-ip startswith '10.0.0.1' then /var/log/messages-hv.log
    & ~

    If directory /etc/rsyslog.d exists it is better to put above lines into /etc/rsyslog.d/10-remotelog.conf instead /etc/rsyslog.conf

     

     

Please sign in to leave a comment.