|
Hello everyone,
We're migrating our LDAP servers to new RHEL 7. Previously we had RHEL 5.2 and Openldap logging was working just fine with the following config using syslog. ·
Set up OpenLDAP logging: o (as
root user) mkdir /var/log/openldap o (as
root user) chmod 755 /var/log/openldap o (as
root user) touch /var/log/openldap/openldap.log o (as
root user) vi /etc/syslog.conf § Add
the line “Local6.* /var/log/openldap/openldap.log” o (as
root user) kill –HUP <process ID of syslogd> The new servers have rsyslog instead of syslog and I did the same procedures in rsyslog.conf file, set olcloglevel as sync stats same as in the old server and restarted rsyslog with systemctl restart rsyslog.service .The openldap.log file is empty. I have tried local4 too and same result. My rsyslog.conf file looks like this . Can someone please help me with this? Any help is appreciated. # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) $ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog daemon.* /var/log/daemon.log kern.* /var/log/kern.log syslog.* /var/log/syslog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log #OpenLDAP logging local6.* /var/log/openldap/openldap.log # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$WorkDirectory /var/lib/rsyslog # where to place spool files #$ActionQueueFileName fwdRule1 # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### ## Nessus/CIS compliance items ## Send everything to Unix syslog host ## Following setting is per Chris Humphrey 6/19/2013 *.err;kern.notice;auth.notice;auth.crit;daemon.notice @siem-unix.abc.com ## Send httpd logs to Apache syslog host - requires additional apache config daemon.notice @@SIEM-apache.abc.com auth,user.* /var/log/messages # A template to for higher precision timestamps + severity logging $template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" |