Re: [rsyslog] Configuration of rsyslog to send to 2 remote servers and save into local file

Tue, 13 Dec 2022 03:32:01 -0800

we don't know what your default configuration is (that's set by the distro, not by us), so please post your full configs.
that said, first check your config for errors (rsyslogd -N1), then enable impstats so that you can see the status of the different queues and outputs (to see if you are having queues fill up and outputs failing) 

David Lang

On Tue, 13 Dec 2022, Ludovic Hutin via rsyslog wrote:


Date: Tue, 13 Dec 2022 10:13:23 +0100
From: Ludovic Hutin via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog@lists.adiscon.com
Cc: Ludovic Hutin <ludovic.hu...@unistra.fr>
Subject: [rsyslog] Configuration of rsyslog to send to 2 remote servers and
    save into local file

Hi,


    I have a question that i don't find any answer on google, or i miss 
something.


    I want to forward logs to 2 remote servers + save log into local file.

    For multiple remote i do that in the /etc/rsyslog.d/10-remote.conf

    # Centralized_SYSLOG
    auth,authpriv.* action(type="omfwd"
      queue.type="linkedlist"
      queue.filename="remote_syslog"
      action.resumeRetryCount="-1"
      queue.saveOnShutdown="on"
      target="CENTRALIZED_SYSLOG" port="514" protocol="tcp"
     )

    # Redirect all log to ELK !
    *.* action(type="omfwd"
      queue.type="linkedlist"
      queue.filename="remote_elastic"
      action.resumeRetryCount="-1"
      queue.saveOnShutdown="on"
      target="ELK_PLATEFORM" port="5000" protocol="tcp"
     )

    And i have the default config in /etc/rsyslog.d/50-default.conf

    auth,authpriv.*                 /var/log/auth.log
    *.*;auth,authpriv.none          -/var/log/syslog

    But i got nothing in my local /var/log/auth.log

    I used default config of rsyslog with this 2 changes

    $ActionFileDefaultTemplate RSYSLOG_ForwardFormat
    $PreserveFQDN on

    I do something wrong, but i don't know what, do you have any idea ?

    (rsyslog version : 8.2001.0-1ubuntu1.3)

Best regards,

Ludovic Hutin.



_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.





















					Reply via email to