Chained Syslog forwarding
Is there a way to chain syslog forwarding? For example, how can a clienthost forward its syslogs to ServerA and ServerA forward everything to CentralSyslogServer?
I'm using rsyslog.
The reason is that Server A is a dual homed machine which gets logs from other hosts which should all be stored in CentralSyslogServer. Currently CentralSyslogServer seems to only be getting ServerA's local logs but nothing that was forwarded to ServerA from the clienthost.
Resolved:
I had to edit /etc/sysconfig/syslog and add -h to the SYSLOGD_OPTIONS
My mistake - serverA is using syslogd
Solution 1:
Yes you can:
In clienthost's rsyslog.conf:
*.* @@ServerA:514
In ServerA's rsyslog.conf:
*.* @@CentralSyslogServer:514
Of course, this is some really basic usage. Read the manual or online how-tos to get more advanced usage. Here's a little how-to about reliable forwarding with rsyslog.
To tell your servers to receive logs:
$ModLoad imtcp
$InputTCPServerRun 514
Solution 2:
I think you need this manual: http://www.rsyslog.com/storing-and-forwarding-remote-messages/