LinuxQuestions.org - [SOLVED] rsyslog forwarding new messages only

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - rsyslog forwarding new messages only (https://www.linuxquestions.org/questions/linux-server-73/rsyslog-forwarding-new-messages-only-4175695503/)

rsyslog forwarding new messages only

hello

Configuring rsyslog on Centos 7 to forward logs to a centralized syslog server.

rsyslog forwards new log lines fine as expected. But the old existing lines in /var/log/messages are not forwarded. I see this is the normal behavior, only new lines will be forwarded.

Any way I can forward all existing lines from /var/log/messages ?

Quote:

Originally Posted by saeeddeep (Post 6253209)

hello
Configuring rsyslog on Centos 7 to forward logs to a centralized syslog server.

rsyslog forwards new log lines fine as expected. But the old existing lines in /var/log/messages are not forwarded. I see this is the normal behavior, only new lines will be forwarded. Any way I can forward all existing lines from /var/log/messages ?

Is there a reason you need those lines? If it's only about archiving purposes, you can just copy the file to the central syslog server and be done.

Alternatively, you can use either the logger command, or even something like:

Code:

cat <FILE NAME> | nc -4u -w1 <SYSLOG HOST> <SYSLOG PORT>

Have you searched for any solutions on your own? After thirteen years, you should know to do basic research first.

yes, forwarding all content of /var/log/messages to rsyslog server is required.
cat file | nc .. before start forwarding logs solved this requirement. thanks TB0ne

Quote:

Originally Posted by saeeddeep (Post 6253232)

yes, forwarding all content of /var/log/messages to rsyslog server is required.
cat file | nc .. before start forwarding logs solved this requirement. thanks TB0ne

Why was it 'required', and why wouldn't just copying/appending the file fit the 'requirement'?? And again, please do basic research first per the "Question Guidelines".