Monday, December 12, 2011

rsyslog: Logging to remote server

Now that we've setup the rsyslogd server to accept incoming connections (NOTE: UDP somehow didn't work.  I had to configure rsyslogd to listen to TCP instead); we can now configure the "client" rsyslogd instance to log to a remote server.

In the "client" server, we'll need to edit the same configuration file /etc/rsyslog.conf.  I've added the highlighted lines below:
[...]
###############
#### RULES ####
###############

# Log all messages to this rsyslogd host
*.* @@myhost:514

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
[...]
The rest of the config file remains unchanged.  Reload/restart the service once we're done:
myclient:~# /etc/init.d/rsyslog reload
Reloading enhanced syslogd: rsyslogd.
We can now use the logger command to send log messages to the syslog.  Here's what I used:
# logger -t CLIENT_TEST "This is a test to test the test"
The following entry should be logged in myhost /var/log/syslog file:
Dec 12 15:17:52 myhost CLIENT_TEST: This is a test to test the test

2 comments:

Shmattie said...

I found that "*.* @@myhost:514" wasn't working. Removing 1 of the 2 @ fixed it. So I believe it should look like "*.* @myhost:514".

Thanks for the guide.

Raymond Boswel said...

According to the official documentation, @@ is used for a tcp connection, and @ is used for a udp connection.

Regards,
Raymond