send all puppet messages to rsyslog

[eric odell]

How to get all puppet agent/master logs to rsyslog? intend to ship all puppet agent/master messages to central loghost and parse with logstash and ship to elasticsearch. Currently puppet logs some messages to /var/log/messages via rsyslog  while puppet daemons write directly to /var/log/puppet/*.

puppet client/master syslogfacility  set to daemon:

puppet master --configprint syslogfacility

daemon

Thought that setting rsyslog to catch all logs with syslog facility of daemon:

grep daemon /etc/rsyslog.conf 

daemon.*        /var/log/daemon

should do the trick but this logs very little in /var/log/daemon while puppet continues to log most everything to /var/log/puppet/*

Also puppet logging to rsyslog may be poor choice when dealing with long multiline error messages...

Have considered running logstash directly on each puppet node/master but want to see if I can ship all puppet logs to central rsyslog server which already has logstash running...

[Hristo Mohamed]

For the puppet agent, you can always try tdis rsyslog syntax:
if $programname == 'puppet-agent' then /var/log/puppet.log
if $programname == 'puppet-agent' then ~

Same for the master process.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f0581c8f-b08d-4668-960a-8bf649b2522e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.