Closed VincentSaelzler closed 2 years ago
how to SEND logs: https://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
how to RECEIVE logs: https://www.rsyslog.com/receiving-messages-from-a-remote-system/
more about testing: https://www.geeksforgeeks.org/getting-started-with-rsyslog-in-linux/
Okay, so got a SUPER base config working. Also figured out how to debug the configuration.
# test local log capture.
# The default input module (imuxsock) needs to be configured on the log server
logger "Sending this over (default) Unix sockets"
# test sending logs from client to server
# If server is not configured to receive, it will report failure. If it works, nothing is returned.
logger --server 192.168.129.31 --port 514 --tcp "Sending this over TCP"
logger: failed to connect to 192.168.129.31 port 514
Here are the config files. Currently, overwriting all defaults and ONLY having this config.
Server
# local logs
module(load="imuxsock")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
action(type="omfile" file="/var/log/everything.log")
& stop
Client
# Improved action (in case remote system is unreachable)
*.* action(type="omfwd" target="192.168.129.31" port="514" protocol="tcp"
           action.resumeRetryCount="100"
           queue.type="linkedList" queue.size="10000")
next steps: remove the entire file that's auto-generated via apt install because it only adds confusion.
It doesn't really do what we want.
https://www.loggly.com/use-cases/rsyslog-manual-configuration-and-troubleshooting/
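
Added example, not part of the original thread: a Python stand-in for the `logger --tcp` test above, showing why a delivered message returns nothing while a host with no TCP listener produces the connect failure. The loopback listener, the `probe` tag and all function names are constructed for illustration; this is not rsyslog itself.

```python
import socket
import threading

def format_syslog(msg, facility=1, severity=5, tag="probe"):
    """Minimal syslog line: PRI = facility*8 + severity (user.notice = 13).
    The trailing LF is the frame delimiter for plain TCP syslog."""
    return f"<{facility * 8 + severity}>{tag}: {msg}\n".encode()

def send_tcp(host, port, msg, timeout=3.0):
    """True if a listener accepted the connection and the line was sent,
    False if the connect failed (logger's 'failed to connect' case)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(format_syslog(msg))
        return True
    except OSError:
        return False

def receive_one(server_sock, out):
    """Accept one connection and collect everything sent until the peer closes."""
    conn, _ = server_sock.accept()
    with conn:
        data = b""
        while chunk := conn.recv(4096):
            data += chunk
    out.append(data.decode())

def demo():
    # Constructed receiver: loopback, ephemeral port (stands in for imtcp on 514).
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []
    t = threading.Thread(target=receive_one, args=(srv, received))
    t.start()
    delivered = send_tcp("127.0.0.1", port, "Sending this over TCP")
    t.join(timeout=5)
    srv.close()
    # Listener gone: the same send now fails at connect time.
    after_close = send_tcp("127.0.0.1", port, "Sending this over TCP")
    return delivered, (received[0] if received else None), after_close

if __name__ == "__main__":
    print(demo())
```

A `True` result only proves the TCP connection was accepted; confirm on the server that the line actually landed in `/var/log/everything.log`.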