Turning on/off logging for selective environments

[stecino]

I have stageA, stageB, prodA, prodB environments where rsyslogd conf files are configured to forward logs to NLS.
What is the easy way to selectively turn off and then may be turn on selective environments or individual servers from forwarding logs to NLS.

I guess one simple way would be removing all the rsyslog conf files, or comment them out, that will forward to NLS. But it could be tidious, unless it's tied to Chef/Puppet.
Is there another way of doing this?

[Box293]

Perhaps using the $IncludeConfig directive to reference a directory. This way you can add and delete configs as required, I assume a service restart would be required when this is done.

Here's some reading material:
http://www.rsyslog.com/doc/rsconf1_includeconfig.html

[eloyd]

Can you be more specific about what you're trying to do? Is this a one time on/off thing or will you be doing it on a regular basis? Also, why would you want to cease sending logs to NLS when you can just ignore them on the NLS side when pulling reports/dashboards?

NLS installs itself with the "$IncludeConfig /etc/rsyslog.d/*.conf" directive, so that /etc/rsyslog.d files get included. You can programatically turn things on/off there (and we use Chef to do it on our boxes, like you said) but once installed, we never turn them off.

One thought would be to use iptables to dump outbound traffic destined for your NLS server or to use /etc/hosts to redirect outbound traffic from the proper NLS server IP address to someplace else like localhost. This will cause packets to just get dropped, assuming nothing's listen on localhost:5544.

So again, without knowing why you want to do this or what the overall goal is, I would be uncomfortable recommending a specific solution (though I would lean towards iptables dropping outbound packets).

[jolson]

stecino,

Please answer the above questions posed by Box293 and eloyd. Thanks!