Send DNS logs over syslog in Cent8
by witchkinkofangmar from LinuxQuestions.org on (#5QQGY)
I need to send DNS logs in /var/log/messages over syslog to a log collector at 10.1.3.71 on port 31714/tcp.
I created a file in /etc/rsyslog.d/dns-log.conf that contains these settings:
Code:
$FileCreateMode 0640
$ModLoad imfile
$InputFilePollInterval 10
$InputFileName /var/log/messages
$InputFileTag MSSG
$InputFileStateFile Stat-MSSG
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor
$InputFilePersistStateInterval 1000

I also edited rsyslog.conf with the following lines:
Code:
Target="10.1.3.71" Port="31714" Protocol="tcp"

and uncommented these:
Code:
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="31714")

When I restart rsyslog, I get:
Quote:
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: Error while binding tcp socket: Permission denied [v8.1911.0-6.el8]
Oct 14 18:03:03 vmanme.org.com systemd[1]: Started System Logging Service.
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: Error while binding tcp socket: Permission denied [v8.1911.0-6.el8]
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: Could not create tcp listener, ignoring port 31714 bind-address (null). [v8.1911.0-6.el8 try https://www.rsyslog.com/e/2077 ]
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: [origin software="rsyslogd" swVersion="8.1911.0-6.el8" x-pid="272887" x-info="https://www.rsyslog.com"] start
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: imjournal: journal files changed, reloading... [v8.1911.0-6.el8 try https://www.rsyslog.com/e/0 ]
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: cannot connect to 10.1.3.71:31714: Permission denied [v8.1911.0-6.el8 try https://www.rsyslog.com/e/2027 ]
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: action 'action-7-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1911.0-6.el8 try https://www.rsyslog.com/e/2>
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: cannot connect to 10.1.3.71:31714: Permission denied [v8.1911.0-6.el8 try https://www.rsyslog.com/e/2027 ]
Oct 14 18:03:03 vmanme.org.com rsyslogd[272887]: action 'action-7-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Thu Oct 14 18:03:33 2021, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.