Hi,
I have a question that I can't find an answer to on Google, or I am missing
something.
I want to forward logs to 2 remote servers + save the logs into a local file.
For multiple remotes I do this in /etc/rsyslog.d/10-remote.conf:

    # Centralized_SYSLOG
    auth,authpriv.* action(type="omfwd"
        queue.type="linkedlist"
        queue.filename="remote_syslog"
        action.resumeRetryCount="-1"
        queue.saveOnShutdown="on"
        target="CENTRALIZED_SYSLOG" port="514" protocol="tcp"
    )
    # Redirect all logs to ELK!
    *.* action(type="omfwd"
        queue.type="linkedlist"
        queue.filename="remote_elastic"
        action.resumeRetryCount="-1"
        queue.saveOnShutdown="on"
        target="ELK_PLATEFORM" port="5000" protocol="tcp"
    )

And I have the default config in /etc/rsyslog.d/50-default.conf:

    auth,authpriv.* /var/log/auth.log
    *.*;auth,authpriv.none -/var/log/syslog

But I get nothing in my local /var/log/auth.log.
I used the default rsyslog config with these 2 changes:

    $ActionFileDefaultTemplate RSYSLOG_ForwardFormat
    $PreserveFQDN on

I am doing something wrong, but I don't know what. Do you have any idea?
(rsyslog version : 8.2001.0-1ubuntu1.3)
Best regards,
Ludovic Hutin.
--
Ludovic Hutin
Head of the PCI (Cloud Platforms and Integration) unit
Direction du Numérique - Département Infrastructure
14 rue René Descartes
F - 67000 STRASBOURG
Tél. : +33 (0)3 68 85 64 78
ludovic.hu...@unistra.fr
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog