I want to transfer all system logs to a remote machine's port.
RHEL version :
Red Hat Enterprise Linux Server release 5.11
The performed actions:
Adding below line to /etc/syslog.conf
*.* @10.100.7.2:6680 Then restart syslog daemon:
service syslog stop service syslog start But I cannot see the logs in the remote machine. IP is pingable. There is no rsyslog installed in the os environment. Do you think any additional modification needed?
you must install rsyslog on remote host to handle incomming syslog packet.
I use tho following setting in /etc/rsyslog.d/remote.conf
$UDPServerRun 514 # start a UDP syslog server at standard port 514 module(load="imudp") # needs to be done just once input(type="imudp" port="514") $template RemoteHost,"/var/log/remote/%HOSTNAME%/%$YEAR%/%$MONTH%-%$DAY%.log" *.* ?RemoteHost In your case, you must replace 514 by 6680.
On sending hosts (hosts that I want to capture rsyslog), I use (/etc/rsyslog.d/distant.conf)
*.* action(type="omfwd" target="8.8.8.8" port="514" protocol="udp" action.resumeRetryCount="10" ) with 8.8.8.8 being IP of host above.