[Discuss] Monitor Modem Log On Server

[jbk]

> In rsyslog.conf I've added some templates, rules and 
> enabled listening on the udp port.
>
> ###############################
> ### Per-Host Templates for Remote Systems ###
> $template TmplAuthpriv, 
> "/var/log/remote/auth/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log" 
>
> $template TmplMsg, 
> "/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log" 
>
> ### end of user added lines
>
> # Provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
>
> # Provides TCP syslog reception
> #$ModLoad imtcp
> #$InputTCPServerRun 514
>
> ### jbk added lines per SysAdminGuideF23 20160319
> # Provides TCP syslog reception
> #$ModLoad imtcp
> # Adding this ruleset to process remote messages
> $RuleSet remote1
> authpriv.*   ?TmplAuthpriv
> *.info;mail.none;authpriv.none;cron.none   ?TmplMsg
> $RuleSet RSYSLOG_DefaultRuleset   #End the rule set by 
> switching back to the default rule set
> $InputUDPServerBindRuleset remote1  #Define a new input 
> and bind it to the "remote1" rule set
> #$InputTCPServerRun 514
> ###################end of rsyslog edits############
>
> I've opened the tcp and udp port 514 on the firewall and 
> I've created the remote/auth and remote/msg directories in 
> /var/log
>
> Note the template definitions are one line.
>
> So there it is. What is hindering the log reception?
>
So I am wrong, I am receiving the modem log messages but 
they are all going to /var/log/messages.

So why are the templates not filtering the modem messages to 
the indicated locations?

Is it that the modem does not have a valid HOSTNAME?

Or, is the PROGRAMNAME keyword overly specific?

-- 
Jim Kelly-Rand
jbk at kjkelra.com