Redhat – Redirecting Syslog events from RHEL 6 to RHEL 5: is it possible to provide with the same event format

redhatrhel5rhel6rsyslogsyslog

For some reasons, we redirect syslog events from RHEL 6 (with rsyslog) to RHEL 5 (with syslogd).

On RHEL 6 in rsyslog.conf:

*.*                 @10.30.46.211

On RHEL 5 in /etc/sysconfig/syslog:

SYSLOGD_OPTIONS="-r -m 0"

On RHEL 6, the event looks like (/var/log/secure):

Oct 25 02:10:03 rh6q32 sshd[1849]: pam_unix(sshd:session): session
closed for user root

On RHEL 5, the same event looks like (/var/log/secure):

Oct 25 02:10:03 rh6q32 rh6q32 sshd[1849]: pam_unix(sshd:session):
session closed for user root

The difference is double using of host name (rh6q32).

The question: is it possible to get rid of double hostname?

Thanks,
Yuri

Best Answer

the difference is that apparently 6 is using rsyslog insteal of the old syslog. You can customize rsyslog with templates:

$template sysklogd,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"
*.*     @192.168.1.1;sysklogd

from kkoncepts.net

Related Solutions

Centos – How to check from the command line if a reboot is required on RHEL or CentOS

https://access.redhat.com/discussions/3106621#comment-1196821

Don't forget that you might need to reboot because of core library updates, at least if it is glibc. (And also, services may need to be restarted after updates).

If you install the yum-utils package, you can use a command called needs-restarting.

You can use it both for checking if a full reboot is required because of kernel or core libraries updates (using the -r option), or what services need to be restarted (using the -s option).

needs-restarting -r returns 0 if reboot is not needed, and 1 if it is, so it is perfect to use in a script.

An example:

root@server1:~> needs-restarting  -r ; echo $?
Core libraries or services have been updated:
  openssl-libs -> 1:1.0.1e-60.el7_3.1
  systemd -> 219-30.el7_3.9

Reboot is required to ensure that your system benefits from these updates.

More information:
https://access.redhat.com/solutions/27943
1

Linux – Best Practices for rotating syslog logs on RHEL with different schedules

Set up a separate block for the messages log in /etc/logrotate.d/rsyslog (or whatever it's called on your install). It should use the setting for the specific log file match preferentially to a general one.

No, as Zoredache mentioned, multiple HUPs shouldn't break anything unless you're really hammering rsyslog anyway.

Best Answer

Related Solutions

Centos – How to check from the command line if a reboot is required on RHEL or CentOS

Linux – Best Practices for rotating syslog logs on RHEL with different schedules

Related Topic