Guides
Basic Configuration
This first section describes some basic configuration. You will not find complete configurations here, but snippets showing how to use different modules correctly, along with some description of how they work.
- Newbie guide to RSYSLOG
- Installing RSYSLOG from RPM
- Sending messages with tags larger than 32 characters
- Using the syslog receiver module
- Using the Text File Input Module
Some core configs
This section contains some basics: things that are used over and over again. It also contains a more in-depth description of what rsyslog does and why. It is recommended to at least briefly read through this part before moving on to more complex scenarios.
- TLS secured syslog via RELP
- Actions with directives
- Writing specific messages to a file and discarding them
- Sending Messages to a Remote Syslog Server
- Receiving Messages from a Remote System
- Using a different log Format for all Files
- Discarding unwanted messages
More complex scenarios
- RSYSLOG and ElasticSearch
- Parsing JSON (CEE) Logs and Sending them to Elasticsearch
- Using TLS with RELP
- Log normalization for different formats
- Using MongoDB with RSYSLOG and LogAnalyzer
- Normalizing Cisco ASA messages
- Receiving CEE enhanced syslog in RSYSLOG
- Storing and forwarding remote messages
- How to write to a local socket?
- Storing Messages from a Remote System into a specific File
- Integration with "standard" syslogd
I suggest you open an issue at https://github.com/rsyslog/rsyslog/issues
rsyslog 8.32 sending messages to Kafka, the error log looks like this (thank you very much):
omkafka: action will suspended due to kafka error -195: Local: Broker transport failure [v8.32.0 try http://www.rsyslog.com/e/2422 ]
Feb 2 23:50:39 minion rsyslogd[15542]: omkafka: action will suspended due to kafka error -187: Local: All broker connections are down [v8.32.0 try http://www.rsyslog.com/e/2422 ]