Removing log sources

[Linuxlogger]

I am attempting to troubleshoot the import of an audit.log file. It doesn't seem to be exporting to NLS, I have some of the same information that is being sent by rsyslog and other logs. How do I remove all log sources from a server so that I can verify that I am receiving the audit.log file.

[rkennedy]

If it's a Windows machine you could run net stop nxlog, and on Linux use service rsyslog stop. This will stop logs from sending into NLS for the time being.

[Linuxlogger]

Stopping the rsyslog service only stops the logs from being exported to NLS it does not remove the sources from the NLS forwarding configuration. I want the rsyslog service running so that I can see if a specific audit.log file is being forwarded but want to eliminate the redundancy of log information. So I need the the audit.log and only the audit.log to be forwarded to NLS. Shutting off the rsyslog service doesn't accomplish this. It prevents any and all logs from being sent to the NLS.

[Linuxlogger]

I found what I needed. By moving the 90-nagioslogserver files from the /etc/rsyslog.d/ directory into another directory and restarting the rsyslog service it will stop logging the unwanted files.

[rkennedy]

Ah, I didn't understand properly initially. Sounds like you were able to get it figured out though!

Are we good to mark this thread as resolved?

[Linuxlogger]

Yes, we can mark this as resolved.

Thanks