I am simply trying to set up a remote logging system. I think my setup is correct but it fails and I can't get any messages from rsyslog to show up in the logs, so I can't find out why. My iptables rules allow unrestricted access on port 514. I would also like to know in the future how I can get rsyslog to log to its own log file so I can find out.
I used the template shown on the Red Hat site:

Server:

    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
    $template TmplAuth "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
    authpriv.* ?TmplAuth
    *.info,mail.none,authpriv.none,cron.none ?TmplMsg

Client:

    $ModLoad imudp
    $UDPServerRun 514
    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
    $WorkDirectory /var/lib/rsyslog # where to place spool files
    $ActionQueueFileName fwdRule1 # unique name prefix for spool files
    $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
    $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    $ActionQueueType LinkedList # run asynchronously
    $ActionResumeRetryCount -1 # infinite retries if host is down
    # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
    *.* @loghost:514
    # ### end of the forwarding rule ###

rsyslog.conf files are abbreviated to what I think is the relevant info. Thanks in advance.
:FROMHOST-IP, isequal, "1.1.1.1" /var/log/www.log from your link and I got a log file to show up. Is this a requirement? This is the first blog to mention it. I'm glad I finally got something