SysLog to EventViewer, other site

Dont create your support topics here! No new topics with questions allowed!

Moderator: crythias

Forum rules
Dont create your support topics here! No new topics with questions allowed!
Post Reply
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:
Contact crythias

SysLog to EventViewer, other site

Post by crythias »

"How can I send the System log somewhere else? I have a centralized [r]Syslog repository."

Note: This would be considered an "advanced" feature. Please don't make changes to this unless you know this is explicitly what you want to do. It shouldn't break anything to make a change, but in this case, it will be difficult to troubleshoot as the LogModule won't be able to tell you what's wrong if it doesn't record properly. It may also be unable (?) to provide the log information in the web interface if the web interface doesn't have the ability to read where it writes. Mostly, this shouldn't be too much of a problem, as you should know why you're doing this if you have read this far.

Among other possibilities, this can provide a way to centralize logs for multiple OTRS installs.

This is the default configuration of LogModule unless Windows installer is used, and then LogModule is set to File.

Code: Select all

$Self->{LogModule} = 'Kernel::System::Log::SysLog'; #The module that creates the logs. If not SysLog, use File
# $Self->{'LogModule'} = 'Kernel::System::Log::File'; 
$Self->{'LogModule::SysLog::Facility'} = 'user'; 
#Facility is the type of syslog facility (auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7). 
#It will be coupled with the priority given in the log method:
#debug, info, notice, warning, err, crit, alert, emerg are valid for [r]syslog
$Self->{'LogModule::SysLog::LogSock'} = 'unix'; #Solaris may need 'stream'
$Self->{'LogModule::SysLog::Charset'} = 'iso-8859-15'; #or utf-8
$Self->{'LogModule::LogFile'} = '/tmp/otrs.log'; #required for Log::File
$Self->{'LogModule::LogFile::Date'} = 0; #1 if yyyy-mm should be added as suffix to log file    
See that $Self->{'LogModule::SysLog::LogSock'}?
its value is directly used -as is- for:
setlogsock($LogSock);
in Kernel/System/Log/SysLog.pm

Are you in Windows? You may want to consider change LogSock to "eventlog" and LogModule to SysLog see if it will record there (Event Viewer) instead of otrs.log.

Do you want to record elsewhere?

Code: Select all

$Self->{'LogModule::Syslog::LogSock'} = { 
   type => "tcp",  #or udp?
   host => "sysloghost", #hostname or ip address, destination for SysLog
   port => 2486 #if you need a specific port
}; 
Click the link for setlogsock for more information and how to use it for your needs.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Top
Post Reply

Return to “Howtos”