# Install the syslog daemon and a local mail transfer agent; the mail alerting
# section of this page sends through an SMTP server on localhost.
yum install rsyslog
yum install postfix
# Start rsyslog at boot.
chkconfig rsyslog on
# Directory that will hold the per-host log files received from the network.
# NOTE(review): created with the default mode; confirm the directory and the
# log files written under it are not readable by unprivileged local users.
sudo mkdir /var/log/syslog
# Open the rsyslog configuration for editing.
vim /etc/rsyslog.conf
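Uncomment the UDP and TCP syslog reception lines so that they match the block below. Both listeners accept unauthenticated, unencrypted syslog from any host that can reach port 514, so limit that port to your own network devices at the firewall: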
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
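Add the template before the GLOBAL DIRECTIVES section. %HOSTNAME% is read from the received message, so each sender chooses the directory its logs are written to; use %FROMHOST-IP% to key the directory on the sender's address instead.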
$template RemoteLogs,"/var/log/syslog/%HOSTNAME%/%$now%.log" *
*.* ?RemoteLogs
& ~
Make sure rsyslog starts on boot, then restart it so the new configuration is loaded
systemctl enable rsyslog.service
systemctl restart rsyslog.service
Setup Email Alerting
$ModLoad ommail
$ActionMailSMTPServer localhost
$ActionMailFrom networkteam@pingpros.com
$ActionMailTo networkteam@pingpros.com
$template mailSubject,"Network Issue on %hostname%"
$template mailBody,"RSYSLOG Alert\nmsg='%msg%'"
$ActionMailSubject mailSubject
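# make sure we receive a mail only once per
# hour (3600 seconds); the limit applies to the action as a whole, so one
# matching message from any device holds back every other alert for that hour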
$ActionExecOnlyOnceEveryInterval 3600
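# the if … then … mailBody must be on one line!
# 'contains' is a case-sensitive substring match, so 'up' also matches words such as "update" and "group"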
if ($msg contains 'BGP' or $msg contains 'bgp' or $msg contains 'OSPF' or $msg contains 'ospf' or $msg contains 'FLAP' or $msg contains 'down' or $msg contains 'DOWN' or $msg contains 'SPAN' or $msg contains 'span' or $msg contains 'loop' or $msg contains 'LOOP' or $msg contains 'up' or $msg contains 'UP') then :ommail:;mailBody
# re-set interval so that other actions are not affected
$ActionExecOnlyOnceEveryInterval 0
Setup logrotate
sudo vim /etc/logrotate.conf
At the very bottom of the file, add the following:
# Rotate the logs daily and keep 5 years of retention (365 x 5 = 1825 rotations)
/var/log/syslog/*.log /var/log/syslog/*/*.log {
dateext
dateformat .%Y-%m-%d
daily
rotate 1825
compress
}
Test the rotation (-d is a debug run: it prints what would be done without changing any log file)
logrotate -d /etc/logrotate.conf
1 Comment
Hi, Setup Email Alerting is not working, do you have a fix?