How to send collected logs via syslog to another server?

nina g

New Member
Joined
Dec 23, 2021
Messages
5
Reaction score
0
Credits
49
We have an Ubuntu server that acts as our syslog server. It is currently ingesting logs from our Centos7 which is our syslog client.

From the syslog server, is there a way to send only the collected logs from Centos7 to another Linux server?

The flow would look like:

Centos7 (syslog client) -> Ubuntu (syslog server - I only want to send logs collected from Centos7) - > Linux server
 


Hey Nina,

From the syslog server, is there a way to send only the collected logs from Centos7 to another Linux server?
  • What options do you currently have? Are you sticking strictly to syslog? (rsyslog)
  • Is it required to send it all logs to just the single server? (You can declare multiple destinations in your configuration)
  • Are you planning to do this in near real time or by a scheduled cron job?
You have a lot of options for forwarding logs from your syslog server using (forwarders) rsyslog, syslog-ng, Splunk forwarder (integrates with syslog server), or with logstash. You just need to select which forwarder, what you want to forward.

Example:
https://www.rsyslog.com/doc/v8-stable/configuration/templates.html - Templates in syslog provide a way to capture the hostname and other key-values you're looking to send.
 
Hi Tl2038,

Currently, on my Centos7, rsyslog is configured to forward its logs to the Ubuntu 20.04. I'm a little familiar with rsyslog and looking to stick with this for now.

Right now, I'd like to know how I can configure the Ubuntu to send only the collected syslogs from the Centos7 client to another linux machine.

I'm open to anything that makes this easy.
 
Simple thing to do then would be to write it to two destinations.

In your syslog conf on centos7,

Your first destination would be (Ubuntu 20.04)

*.* @10.10.0.1:514

You append a 2nd destination (linux server) to the config:

*.* @10.10.0.2:514
 
This would be better off in Server Linux , would it not?

Nina (and welcome :)) take a look through there and let me know which is most appropriate and I'll move you there.

Chris Turner
wizardfromoz
 
Simple thing to do then would be to write it to two destinations.

In your syslog conf on centos7,

Your first destination would be (Ubuntu 20.04)

*.* @10.10.0.1:514

You append a 2nd destination (linux server) to the config:

*.* @10.10.0.2:514
Understood and that makes sense to do the config on the centos7 alone. But is it possible, from the ubuntu, to forward the collected centos7 syslogs to another linux server?

I get that it's practical to just do the config on the centos7 itself but was wondering if this can be done from the ubuntu. If so, how?
 
Hang on to your hats and we'll take a magic carpet ride to General Server.
 

Members online


Top