Rsyslog storing analysis with ossec and forward to remote logstash syslog server


http://serverfault.com – I have the following scenario: servers logging at ossec syslog embedded, at ossec server: rsyslog rules:

    :fromhost-ip, isequal, "10.20.30.40" /var/log/remote/vmware
    & ~
    $Modload imfile
    $InputFileName /var/log/remote/vmware
    $InputFileTag vmware-esxi
    $InputFileStateFile stat-vmware-esxi
    $InputFileSeverity info
    $InputFileFacility local3
    $InputRunFileMonitor
    local3.* @@10.20.30.30:5544
    if $programname == 'vmware-esxi' then @@10.20.30.30:5544
    & ~
    *.info;mail.none;authpriv.none;cron.none;local3.none;local4.none;local5.none /var/log/messages
    . @@10.20.30.30:5

(HowTos)