LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-19-2016, 06:57 PM   #1
fanoflq
Member
 
Registered: Nov 2015
Posts: 235

Rep: Reputation: Disabled
Testing rsyslog remote logging


I have two virtual machines, VM1 and VM1.

On VM1, I set the firewall like so:
Code:
 firewall-cmd --zone=public --add-port=510/tcp --permanent
 firewall-cmd --zone=public --add-port=510/udp --permanent
 firewall-cmd --reload
VM1 will be the receiver of logging from VM2.

The /etc/rsyslog.conf fragment for both VMs have this:
Code:
... ... 
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

...
When I do this logging:
Quote:
[student@localhost log]$ logger -p local1.info "Test local logging: message1"
[student@localhost log]$ sudo tail messages
...
... ...
Nov 19 15:55:22 localhost student: Test local logging: message1
For VM1, it IP is 10.0.0.50.
And I added this in its /etc/rsyslog.conf:
Code:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 510
				
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 510
Then did these:
Code:
sudo systemctl stop rsyslog.service
sudo systemctl start rsyslog.service
On VM2, I did this in its /etc/rsyslog.conf:
Code:
# Provides UDP forwarding
*.* @10.0.0.50                    #this is VM1

# Provides TCP forwarding 
*.* @@10.0.0.50			#this is VM1
Then I did these:
Code:
sudo systemctl stop rsyslog.service
sudo systemctl start rsyslog.service
And now try to send a logging message in VM2.like so:
Code:
logger -p local0.info "message: rsyslog logging From VM2 to VM1"
This would be forwarded from VM2 to VM1 and put in file /var/log/messages.
But I only see it in VM2, and did not see any such message in VM1.

It seems there is a log in recording message in VM2 even though
I was sending logger info in VM2.
Why the delay?
How do I make write to /var/log/messages much faster.


What did I missed with regard to VM1 not registering the remote logging message sent from VM2?

Thank you.

Last edited by fanoflq; 11-19-2016 at 10:14 PM.
 
Old 11-19-2016, 10:31 PM   #2
fanoflq
Member
 
Registered: Nov 2015
Posts: 235

Original Poster
Rep: Reputation: Disabled
Error found:
# Provides UDP forwarding
*.* @@10.0.0.50 #this is VM1

revised to
# Provides UDP forwarding
*.* @10.0.0.50 #this is VM1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux Howto: Remote Syslog Logging With Rsyslog LXer Syndicated Linux News 0 05-28-2016 02:03 PM
LXer: How to configure rsyslog client for remote logging on CentOS LXer Syndicated Linux News 0 12-10-2014 01:44 PM
Rsyslog not logging Dig Linux - Software 10 09-18-2014 04:49 PM
[SOLVED] Rsyslog remote logging via tcp not working - plz help sh_lnx Linux - Server 9 06-14-2013 08:22 AM
[SOLVED] syslog remote logging with rsyslog server Chenchu Linux - Newbie 3 09-17-2011 02:34 PM


All times are GMT -5. The time now is 02:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration