I have two virtual machines, VM1 and VM1.
On VM1, I set the firewall like so:
Code:
firewall-cmd --zone=public --add-port=510/tcp --permanent
firewall-cmd --zone=public --add-port=510/udp --permanent
firewall-cmd --reload
VM1 will be the receiver of logging from VM2.
The /etc/rsyslog.conf fragment for both VMs have this:
Code:
... ...
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
...
When I do this logging:
Quote:
[student@localhost log]$ logger -p local1.info "Test local logging: message1"
[student@localhost log]$ sudo tail messages
...
... ...
Nov 19 15:55:22 localhost student: Test local logging: message1
|
For VM1, it IP is 10.0.0.50.
And I added this in its /etc/rsyslog.conf:
Code:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 510
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 510
Then did these:
Code:
sudo systemctl stop rsyslog.service
sudo systemctl start rsyslog.service
On VM2, I did this in its /etc/rsyslog.conf:
Code:
# Provides UDP forwarding
*.* @10.0.0.50 #this is VM1
# Provides TCP forwarding
*.* @@10.0.0.50 #this is VM1
Then I did these:
Code:
sudo systemctl stop rsyslog.service
sudo systemctl start rsyslog.service
And now try to send a logging message in VM2.like so:
Code:
logger -p local0.info "message: rsyslog logging From VM2 to VM1"
This would be forwarded from VM2 to VM1 and put in file /var/log/messages.
But I only see it in VM2, and did not see any such message in VM1.
It seems there is a log in recording message in VM2 even though
I was sending logger info in VM2.
Why the delay?
How do I make write to /var/log/messages much faster.
What did I missed with regard to VM1 not registering the remote logging message sent from VM2?
Thank you.
