Change rsyslog’s default template

Put these lines at the beginning of /usr/local/etc/rsyslog.conf:

$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate TraditionalFormat

References:

http://www.rsyslog.com/using-a-different-log-format-for-all-files/
http://linux.derkeiler.com/Mailing-Lists/Debian/2010-01/msg01921.html

Using sshguard with rsyslogd on FreeBSD

Recently I was trying out rsyslogd, partially because I want to set up a log server, but the built-in syslogd can’t send encrypted log messages to a remote log server. First I read that there is a solution using stunnel to create an encrypted tunnel around the log messages. Another article suggests that we should just use rsyslogd.

rsyslogd is designed to be compatible with the original syslogd, but I found that the configuration used to send failed login attempts to sshguard doesn’t work in rsyslogd anymore:

auth.info;authpriv.info |exec /usr/local/sbin/sshguard

So after some research I came up with this solution:

First, make a named pipe:

# mkfifo /var/log/sshguard.fifo

Tell rsyslogd to send messages to that pipe. In /usr/local/etc/rsyslog.conf, add:

auth.info;authpriv.info                         |/var/log/sshguard.fifo

Feed the pipe into sshguard and run the command in the background:

# cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &

Put the above command inside /etc/rc.local so that it runs automatically at boot.
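
The steps above can be collected into one boot-time script. This is an added example, not part of the original post: it restricts the FIFO to mode 600, refuses to use a path that is not a real FIFO, and reopens the pipe whenever rsyslogd closes it, because a single cat exits at that point and sshguard's input ends with it. The script location /usr/local/sbin/sshguard-feed.sh and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Hypothetical call from /etc/rc.local:
#   /usr/local/sbin/sshguard-feed.sh start      (script path is an assumption)

FIFO=/var/log/sshguard.fifo          # path used in the post
SSHGUARD=/usr/local/sbin/sshguard    # path used in the post

# Create the FIFO if it is missing; refuse anything that is not a real FIFO.
ensure_fifo() {
    p=$1
    if [ -L "$p" ]; then
        echo "refusing symlink: $p" >&2
        return 1
    fi
    if [ -e "$p" ] && [ ! -p "$p" ]; then
        echo "exists but is not a FIFO: $p" >&2
        return 1
    fi
    [ -p "$p" ] || mkfifo -m 600 "$p" || return 1
    # Only the owner (root when run from rc.local) may read or write the auth stream.
    chmod 600 "$p"
}

# Reopen the FIFO each time the writer closes it, so the consumer's stdin
# does not reach EOF when rsyslogd is restarted.
feed_loop() {
    while :; do
        # If the FIFO cannot be opened, pause instead of spinning.
        cat "$1" || sleep 1
    done
}

if [ "${1:-}" = "start" ]; then
    ensure_fifo "$FIFO" || exit 1
    feed_loop "$FIFO" | "$SSHGUARD" &
fi
```
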