Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
|
 |
09-14-2012, 03:03 PM
|
#1
|
LQ Newbie
Registered: Aug 2012
Location: Richmond, VA
Distribution: CentOS 6/Red Hat ES5.5
Posts: 8
Rep: 
|
Remote rsyslog using 'localhost' instead of name of the remote host
I am performing this in a text environment so there is no harm in messing anything up.
Objective: To have all the logs of the client server forwarded to the log server.
Client ip: 192.168.3.209
Client hostname: testsrv1
Log server ip: 192.168.3.210
Log server name: logsrv
I have testsrv1 sending the logs to logsrv in the standard /var/log structure. However, when reading the logs on logsrv, the hostname "localhost" is appearing instead of testsrv1. I am guessing there is a config option somewhere but have looked on rsyslog.com and Google and can't find it.
|
|
|
09-14-2012, 03:11 PM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
wtf would a text environment have any relation to messing things up??
Please provide your syslog.conf files, and samples of the logged data.
|
|
|
09-15-2012, 07:51 AM
|
#3
|
LQ Newbie
Registered: Aug 2012
Location: Richmond, VA
Distribution: CentOS 6/Red Hat ES5.5
Posts: 8
Original Poster
Rep: 
|
My apologies. I meant to say test environment; not text.
Config for logsrv
Code:
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
#
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Custom rule from me
:fromhost-ip, isequal, "192.168.3.210" /var/rsyslog/test/test.log
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
Config for testsrv1
Code:
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
kern.warning /var/log/iptables
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@192.168.3.210
|
|
|
03-13-2014, 04:07 AM
|
#4
|
LQ Newbie
Registered: Mar 2014
Posts: 6
Rep: 
|
Have you solved your problem?
I faced the same one with RELP, not uxtcp.
|
|
|
12-17-2017, 08:25 AM
|
#5
|
Member
Registered: Aug 2003
Location: The Hague, The Netherlands
Distribution: Mandrake 9something, Gentoo
Posts: 49
Rep:
|
I just ran into this and it was an easy fix. I suspected rsyslog was looking up 127.0.0.1.
So I went into /etc/hosts and put the hostname in, before localhost. So the line now reads:
127.0.0.1 myhostname localhost
Restart rsyslog, or reboot, and now myhostname is sent along to the syslog server.
|
|
|
12-23-2019, 02:55 PM
|
#6
|
LQ Newbie
Registered: May 2006
Posts: 2
Rep:
|
Quote:
Originally Posted by Iturbide
I went into /etc/hosts and put the hostname in, before localhost. So the line now reads:
127.0.0.1 myhostname localhost
Restart rsyslog, or reboot, and now myhostname is sent along to the syslog server.
|
I tried that. No luck. What a strange and frustrating bug.
I'm seeing it with rsyslog-8.1911.0-1.fc31.x86_64 on Fedora 31. The only cure I found is to restart rsyslog after boot.
Last edited by the_yeti; 12-23-2019 at 02:57 PM.
|
|
|
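A check for the /etc/hosts ordering described in post #5, as an added example that is not part of the original thread. The function names are made up here; the script only reports which name the loopback address maps to first and does not establish that this ordering is the cause on a given system.

```shell
#!/bin/sh
# Added example: audit the /etc/hosts ordering discussed in post #5.
# Function names are hypothetical, chosen for this illustration.

# Print the first name listed for an address in a hosts(5)-format file.
# Comments and blank lines are ignored; the first matching line is taken.
first_name_for_addr() {
    # $1 = address, $2 = hosts file
    awk -v addr="$1" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 && $1 == addr { print $2; exit }
    ' "$2"
}

# Return 0 if 127.0.0.1 maps to the expected hostname first,
# 1 if it maps to another name (for example localhost),
# 2 if the file has no 127.0.0.1 entry at all.
check_loopback_name() {
    # $1 = expected hostname, $2 = hosts file (defaults to /etc/hosts)
    expected=$1
    file=${2:-/etc/hosts}
    found=$(first_name_for_addr 127.0.0.1 "$file")
    if [ -z "$found" ]; then
        echo "no 127.0.0.1 entry in $file"
        return 2
    fi
    if [ "$found" = "$expected" ]; then
        echo "ok: 127.0.0.1 -> $found"
        return 0
    fi
    echo "mismatch: 127.0.0.1 -> $found, expected $expected"
    return 1
}
```

On the sending host, source the file and run `check_loopback_name "$(hostname -s)"`; a return code of 1 corresponds to the state post #5 describes before the edit.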
All times are GMT -5.