Was playing with the script and centralized logging.
audit.log -> rsyslog (imfile) -> send over the network -> rsyslog -> audit.log (on centralized server)
The idea is to have a single log for several servers (multi-server farm) with extended logging (not Zimbra's logrotate default), on another server.
The script doesn't work with the concatenated file because it contains additional fields.
There's a date field (in the syslog format, it's the date the message was received), the hostname (of the sending server) and a tag (because imfile needs a tag), then the original message.
Do you think a CLI parameter ("-C" for centralized logging?) could be added to the script, so the script knows it should skip the added syslog date and tag but keep the hostname (and add it to the result table)?
Statistics: Posted by Klug — Sat Feb 08, 2025 3:25 pm
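
The prefix handling requested above, as an added example that is not part of the original post and not the script's own code. It assumes the receiving rsyslog writes either a traditional or an RFC 3339 timestamp; the host names, the `zimbra-audit` tag and the audit messages are constructed sample data.

```python
import re
from collections import defaultdict

# Header the receiving rsyslog writes before each relayed line:
# receive date, sending hostname, imfile tag, then the original message.
# Assumption: the date is traditional syslog ("Feb  8 15:25:01") or RFC 3339.
PREFIX = re.compile(
    r"^(?:[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"   # traditional timestamp
    r"|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\S*)"      # RFC 3339 timestamp
    r" (?P<host>\S+) (?P<tag>[^\s:]+):? ?(?P<msg>.*)$"
)

def split_centralized(line):
    """Return (hostname, original_message); hostname is None for a local line."""
    line = line.rstrip("\r\n")
    m = PREFIX.match(line)
    if m is None:
        return None, line        # no syslog header: plain local audit.log line
    return m.group("host"), m.group("msg")

def group_by_host(lines):
    """Map each sending host to the original audit lines it produced."""
    table = defaultdict(list)
    for raw in lines:
        if not raw.strip():
            continue             # skip blank lines
        host, msg = split_centralized(raw)
        table[host or "local"].append(msg)
    return dict(table)

# Constructed sample input (hosts, tag and audit messages are made up).
SAMPLE = [
    "Feb  8 15:25:01 mbx1 zimbra-audit: 2025-02-08 15:24:59,101 WARN [ip=192.0.2.10;] security - cmd=Auth; error=authentication failed",
    "2025-02-08T15:25:02.418+01:00 mbx2 zimbra-audit: 2025-02-08 15:25:01,877 INFO [ip=192.0.2.11;] security - cmd=Auth; protocol=imap",
    "2025-02-08 15:25:03,004 INFO [ip=192.0.2.12;] security - cmd=Auth; protocol=soap",
]

if __name__ == "__main__":
    for host, msgs in group_by_host(SAMPLE).items():
        for msg in msgs:
            print(f"{host:8} {msg}")
```

The hostname in the header is whatever the sending side put there, so it works as a label in the result table rather than as an authenticated origin.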