Chained Syslog forwarding

syslog rsyslog

Is there a way to chain syslog forwarding? For example, how can a clienthost forward its syslogs to ServerA and ServerA forward everything to CentralSyslogServer?

I'm using rsyslog.

The reason is that Server A is a dual homed machine which gets logs from other hosts which should all be stored in CentralSyslogServer. Currently CentralSyslogServer seems to only be getting ServerA's local logs but nothing that was forwarded to ServerA from the clienthost.

Resolved:

I had to edit /etc/sysconfig/syslog and add -h to the SYSLOGD_OPTIONS

My mistake - serverA is using syslogd


Solution 1:

Yes you can:

In clienthost's rsyslog.conf:

*.* @@ServerA:514

In ServerA's rsyslog.conf:

*.* @@CentralSyslogServer:514

Of course, this is some really basic usage. Read the manual or online how-tos to get more advanced usage. Here's a little how-to about reliable forwarding with rsyslog.

To tell your servers to receive logs:

$ModLoad imtcp
$InputTCPServerRun 514

Solution 2:

I think you need this manual: http://www.rsyslog.com/storing-and-forwarding-remote-messages/

Related

Using 4 wifi channels rather than 3
upgrading ext3 fs on ubuntu 8.04
Windows is unable to remember login credentials for DAV network share
Does VirtualBox "Export Appliance" feature also export the snapshots?
Amazon S3 Set Expires header
Linux server ran out of memory stopped everything except ssh and swap was unused
"service mysqld stop" times out (then found out that "mysqld dead but subsys locked")
Server configuration automation for windows server on ec2, how much can be done?
How to sync (or at least view) public / team / shared calendar to Blackberry using BES?
Running background jobs In a clustered environment
Jenkins slave fails handshaking on windows
Install single SSH key multiple times on single machine via puppet