# Install the syslog daemon and a local MTA; the mail alerts configured later
# on this page are sent through localhost.
yum install rsyslog
yum install postfix
# Start rsyslog at boot (SysV-style switch).
chkconfig rsyslog on
# Parent directory for the per-host log directories created by the template.
# NOTE(review): this tree will hold logs from every sending device; check that
# its ownership and mode only allow the accounts that need to read them.
sudo mkdir /var/log/syslog
# Open the rsyslog configuration for editing.
vim /etc/rsyslog.conf
Uncomment the UDP and TCP syslog reception items to match below:
# Provides UDP syslog reception
# NOTE(review): as written, nothing here limits which hosts may send. Plain
# syslog on 514 is unauthenticated and unencrypted, so restrict 514/udp and
# 514/tcp at the firewall (or with $AllowedSender) to the devices that should
# log to this server.
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Add the template before the GLOBAL DIRECTIVES section:
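# Write each sender's messages to /var/log/syslog/<hostname>/<YYYY-MM-DD>.log.
# The quotes must be plain ASCII double quotes; typographic quotes pasted from
# a web page are not string delimiters and the template will not parse.
# NOTE(review): %HOSTNAME% is taken from the received message, so a sender can
# choose the directory its logs are filed under. %FROMHOST-IP% is the address
# the message was received from; consider it if devices must not be able to
# write into each other's log directories.
$template RemoteLogs,"/var/log/syslog/%HOSTNAME%/%$now%.log" *
# Route every facility and priority through the dynamic-file template above.
*.* ?RemoteLogs
# Discard the message once written so later rules do not log it again.
# NOTE(review): *.* also matches this host's own messages, so the
# distribution's default rules placed after this point may no longer see
# them - confirm that is intended.
& ~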
Make sure rsyslog starts on boot, then restart it:
# Enable the unit at boot, then restart so the edited configuration is loaded.
# Tip: `rsyslogd -N1` checks the configuration for syntax errors first.
systemctl enable rsyslog.service
systemctl restart rsyslog.service
Setup Email Alerting
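# Load the mail output module and send through the MTA on this host.
# NOTE(review): on hosts with SELinux enforcing, rsyslog's connection to the
# MTA may be denied; check the audit log for the denial and allow that specific
# access rather than turning SELinux off.
$ModLoad ommail
$ActionMailSMTPServer localhost
$ActionMailFrom networkteam@pingpros.com
$ActionMailTo networkteam@pingpros.com
# Subject and body templates. Use plain ASCII quotes; typographic quotes pasted
# from a web page are not string delimiters and will not parse.
# NOTE(review): %hostname% and %msg% come from the received message, so the
# mail text is chosen by whoever can send to this server. Treat it as untrusted
# text and restrict who can reach port 514.
$template mailSubject,"Network Issue on %hostname%"
$template mailBody,"RSYSLOG Alert\nmsg='%msg%'"
$ActionMailSubject mailSubject
# make sure we receive a mail only once per
# hour (3600 seconds)
# NOTE(review): while the interval is running, further matching messages send
# no mail, so one noisy or forged message can mask later alerts for up to an
# hour. The log files remain the complete record.
$ActionExecOnlyOnceEveryInterval 3600
# the if ... then ... mailBody must be on one line!
# NOTE(review): 'contains' is a case-sensitive substring match, so 'up' and
# 'down' also match words such as "update" or "shutdown" - expect false alerts.
if ($msg contains 'BGP' or $msg contains 'bgp' or $msg contains 'OSPF' or $msg contains 'ospf' or $msg contains 'FLAP' or $msg contains 'down' or $msg contains 'DOWN' or $msg contains 'SPAN' or $msg contains 'span' or $msg contains 'loop' or $msg contains 'LOOP' or $msg contains 'up' or $msg contains 'UP') then :ommail:;mailBody
# re-set interval so that other actions are not affected
$ActionExecOnlyOnceEveryInterval 0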
Setup logrotate
# Open the main logrotate configuration for editing.
# NOTE(review): a separate file under /etc/logrotate.d/ keeps this stanza apart
# from the distribution defaults - confirm logrotate.conf includes that directory.
sudo vim /etc/logrotate.conf
At the very bottom of the file, add the following:
# Rotate the logs daily and keep up to 5 years of history (5 x 365 = 1825 rotations)
# NOTE(review): the rsyslog template on this page already writes one file per
# day, so each file is rotated at most once and the "rotate" count may never
# expire anything. Verify the real retention, or consider maxage.
# NOTE(review): there is no postrotate step telling rsyslog to reopen its
# files, and compress runs immediately. Messages written to the current day's
# file after rotation could be lost - confirm on a test host.
/var/log/syslog/*.log /var/log/syslog/*/*.log {
dateext
dateformat .%Y-%m-%d
daily
rotate 1825
compress
}
Test the rotations
# -d is debug mode: it prints what would be rotated without changing any files.
logrotate -d /etc/logrotate.conf
3 Comments
Hi, Setup Email Alerting is not working, do you have a fix?
Hi Aron what issues are you seeing with the email alerting exactly? Do you have postfix and everything installed? Do you see anything in the log files?
Hey, thanks for your response. SELinux was blocking it; after disabling it, the email alerts worked.