Page 1 of 1
Removing log sources
Posted: Wed Aug 17, 2016 10:21 am
by Linuxlogger
I am attempting to troubleshoot the import of an audit.log file. It doesn't seem to be exporting to NLS, I have some of the same information that is being sent by rsyslog and other logs. How do I remove all log sources from a server so that I can verify that I am receiving the audit.log file.
Re: Removing log sources
Posted: Wed Aug 17, 2016 10:37 am
by rkennedy
If it's a Windows machine you could run net stop nxlog, and on Linux use service rsyslog stop. This will stop logs from sending into NLS for the time being.
Re: Removing log sources
Posted: Wed Aug 17, 2016 11:47 am
by Linuxlogger
Stopping the rsyslog service only stops the logs from being exported to NLS it does not remove the sources from the NLS forwarding configuration. I want the rsyslog service running so that I can see if a specific audit.log file is being forwarded but want to eliminate the redundancy of log information. So I need the the audit.log and only the audit.log to be forwarded to NLS. Shutting off the rsyslog service doesn't accomplish this. It prevents any and all logs from being sent to the NLS.
Re: Removing log sources
Posted: Wed Aug 17, 2016 1:13 pm
by Linuxlogger
I found what I needed. By moving the 90-nagioslogserver files from the /etc/rsyslog.d/ directory into another directory and restarting the rsyslog service it will stop logging the unwanted files.
Re: Removing log sources
Posted: Wed Aug 17, 2016 2:06 pm
by rkennedy
Ah, I didn't understand properly initially. Sounds like you were able to get it figured out though!
Are we good to mark this thread as resolved?
Re: Removing log sources
Posted: Thu Aug 18, 2016 9:48 am
by Linuxlogger
Yes, we can mark this as resolved.
Thanks