Confused about syslogs

[b3l33]

I ran the script to send Ubuntu syslogs to the Nagios Log Server. All seems good - I see syslog entries feeding into the server and can query the data.

However, should I only expect log entries from syslog or should I see entries from other logs?

I have a custom application log file that is using syslog.h and end up in a log file under /var/log. Should I expect them to flow into Log Server automatically or are there additional steps i need to take?

When I run the "Send Linux Files to Nagios Log Server" version of the script on my app log, the log entries then appear redundantly in syslog and then appear in Log Server, but appear with the log entry stuffed into the syslog with redundant time stamps and they loose their original severity (which is undesired).

[b3l33]

So I did the following which seems to work. Does anyone see a problem with this. It's different than what the nagios script would have created. I'm not sure if this will have any unintended side affects, etc.

I added a .conf file:

Code: Select all

#/etc/rsyslog.d/30-myapp.conf
if $programname == 'myapp' then /var/log/myapp.log
if $programname == 'myapp' then @@10.0.0.26:5544
if $programname == 'myapp' then ~

[hsmith]

I think that should work just fine. The wizard is usually enough to cover most systems, but occasionally we run into one where it does not work as desired. Let us know if you run into any issues with this configuration.

Thanks!

[b3l33]

thank you very much. it seems to be working well.

[hsmith]

I'm glad to hear it. Would you like us to close this thread since it is working?