Auteur: Matthew Newton Date: À: Dan Liles CC: 'Exim-users' Sujet: Re: [exim] exim queue stats across a cluster
On Sat, Mar 11, 2017 at 05:56:19PM -0600, Dan Liles via Exim-users wrote: > I'm looking at this solution now - I do have one question though. What's
> the best way to setup rsyslog so that I can aggregate the log data to one
> location? I don't have that setup right now and I'm a bit confused on how
> to do it.
You could get exim to syslog and then configure your syslogd
(rsyslog from the sounds of it) to send over to a machine running
logstash, then configure syslog input in logstash. But standard
syslog is UDP, so unreliable, and that means if you e.g. restart
logstash then you lose logs for that time.
I don't use rsyslog much so unsure of the config for that. I think
it might have some reliable TCP-based transports that logstash
also supports which could be used.
I personally use log-courier, which reads the exim log files
directly from disk and feeds them over. It's small and easy to
drop in, though does need a go compiler, but that's pretty easy
too.
The "official" file reader is filebeat, which should work
similarly but involve less work on logstash as it won't need a
plugin installing.
Both these last two will remember the position in the log and
restart from there if something is stopped, so you don't lose logs
on restart etc.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4@???>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@???>