Thursday, February 3, 2011

Log Locally and Remotely with rsyslogd

How can I make it so that the log file is stored both remotely and locally using rsyslog?

  • Put the following line in your /etc/rsyslog.d/remote.conf:

    *.* @remote.server.ip
    

    This can easily be extended for only logging specific facilities and levels to the remote server.

    Kyle Brandt : Won't this just send the logs to the remote server and not the local one?
    Wouter de Bie : By default the configuration in Ubuntu for rsyslogd is done in /etc/rsyslog.conf. Here, local logging is already configured. Adding extra files in your /etc/rsyslog.d causes it to log to a remote (or local) location as well. The /etc/rsyslog.d directory allows you to extend your configuration (not override it).
  • It looks like it's as simple as two lines in the config file:

    *.* @loghost
    *.* /var/log/messages
    

    The rsyslog example configs have a few instances of teeing like this. The key one:

    kern.* /var/adm/kernel
    kern.crit @finlandia;RFC3164fmt
    kern.crit /dev/console
    kern.info;kern.!err /var/adm/kernel-info
    
    The second statement directs all kernel messages of the priority crit and 
    higher to the remote host finlandia.
    [...]
    The third rule directs these messages to the actual console, so the person 
    who works on the machine will get them, too.
    
  • Wouter de Bie had a good answer, but he showed the UDP method of sending logs. In order to send them over the more reliable (though not 100%) TCP, use something like:

    *.* @@remote.server.ip

    From BillRoth
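
The answers above come down to pairing each selector with both a local action and a remote one, where @ forwards over UDP and @@ over TCP. The following is an added example, not code from the original posts or from the rsyslog project: a small audit that reads legacy-format selector/action lines and reports selectors that are forwarded without a local copy or over UDP only. The function names and the sample text are assumptions constructed from the lines quoted above; since local logging may live in /etc/rsyslog.conf and forwarding in /etc/rsyslog.d, pass the contents of both files joined together.

```python
# Added example: audit legacy-format rsyslog rules for local + remote delivery.
# Constructed sample built from the selector/action lines quoted in the answers.
SAMPLE = """\
*.* @loghost
*.* /var/log/messages
kern.crit @finlandia;RFC3164fmt
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info
*.* @@remote.server.ip
"""

def classify(action):
    """Return (kind, target) for the action field of one rule."""
    target = action.split(";", 1)[0]      # drop an optional ";template" suffix
    if target.startswith("@@"):
        return "tcp", target[2:]          # @@host forwards over TCP
    if target.startswith("@"):
        return "udp", target[1:]          # @host forwards over UDP
    if target.startswith("-/"):
        return "local", target[1:]        # "-" prefix: file written without sync
    if target.startswith("/"):
        return "local", target            # file or device such as /dev/console
    return "other", target

def parse(text):
    """Yield (selector, kind, target) for each selector/action line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):   # comments and directives
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield (parts[0],) + classify(parts[1].strip())

def audit(text):
    """Group delivery kinds per selector and flag gaps worth reviewing."""
    kinds = {}
    for selector, kind, _target in parse(text):
        kinds.setdefault(selector, set()).add(kind)
    findings = []
    for selector, seen in kinds.items():
        if seen & {"udp", "tcp"} and "local" not in seen:
            findings.append(f"{selector}: remote only, no local copy")
        if "udp" in seen and "tcp" not in seen:
            findings.append(f"{selector}: UDP forwarding only")
    return kinds, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
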
