LinuxQuestions.org - [SOLVED] Testing rsyslog remote logging

I have two virtual machines, VM1 and VM1.

On VM1, I set the firewall like so:

Code:

 firewall-cmd --zone=public --add-port=510/tcp --permanent

 firewall-cmd --zone=public --add-port=510/udp --permanent

 firewall-cmd --reload

VM1 will be the receiver of logging from VM2.

The /etc/rsyslog.conf fragment for both VMs have this:

Code:

... ... 

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none                /var/log/messages



...

When I do this logging:

Quote:

[student@localhost log]$ logger -p local1.info "Test local logging: message1"
[student@localhost log]$ sudo tail messages
...
... ...
Nov 19 15:55:22 localhost student: Test local logging: message1

For VM1, it IP is 10.0.0.50.
And I added this in its /etc/rsyslog.conf:

Code:

# Provides UDP syslog reception

$ModLoad imudp

$UDPServerRun 510

                                

# Provides TCP syslog reception

$ModLoad imtcp

$InputTCPServerRun 510

Then did these:

Code:

sudo systemctl stop rsyslog.service

sudo systemctl start rsyslog.service

On VM2, I did this in its /etc/rsyslog.conf:

Code:

# Provides UDP forwarding

*.* @10.0.0.50                    #this is VM1



# Provides TCP forwarding 

*.* @@10.0.0.50                        #this is VM1

Then I did these:

Code:

sudo systemctl stop rsyslog.service

sudo systemctl start rsyslog.service

And now try to send a logging message in VM2.like so:

Code:

logger -p local0.info "message: rsyslog logging From VM2 to VM1"

This would be forwarded from VM2 to VM1 and put in file /var/log/messages.
But I only see it in VM2, and did not see any such message in VM1.

It seems there is a log in recording message in VM2 even though
I was sending logger info in VM2.
Why the delay?
How do I make write to /var/log/messages much faster.

What did I missed with regard to VM1 not registering the remote logging message sent from VM2?

Thank you.