How to send collected logs via syslog to another server?

nina g

We have an Ubuntu server that acts as our syslog server. It is currently ingesting logs from our Centos7 which is our syslog client.

From the syslog server, is there a way to send only the collected logs from Centos7 to another Linux server?

The flow would look like:

Centos7 (syslog client) -> Ubuntu (syslog server - I only want to send logs collected from Centos7) -> Linux server
 


Tl2038

Hey Nina,

> From the syslog server, is there a way to send only the collected logs from Centos7 to another Linux server?

  • What options do you currently have? Are you sticking strictly to syslog? (rsyslog)
  • Is it required to send all logs to just the single server? (You can declare multiple destinations in your configuration)
  • Are you planning to do this in near real time or by a scheduled cron job?

You have a lot of options for forwarding logs from your syslog server using (forwarders) rsyslog, syslog-ng, Splunk forwarder (integrates with syslog server), or Logstash. You just need to select which forwarder and what you want to forward.

Example:
https://www.rsyslog.com/doc/v8-stable/configuration/templates.html - Templates in syslog provide a way to capture the hostname and other key-values you're looking to send.
 
nina g

Hi Tl2038,

Currently, on my Centos7, rsyslog is configured to forward its logs to the Ubuntu 20.04. I'm a little familiar with rsyslog and looking to stick with this for now.

Right now, I'd like to know how I can configure the Ubuntu to send only the collected syslogs from the Centos7 client to another linux machine.

I'm open to anything that makes this easy.
 

Tl2038

Simple thing to do then would be to write it to two destinations.

In your syslog conf on centos7,

Your first destination would be (Ubuntu 20.04)

*.* @10.10.0.1:514

You append a 2nd destination (linux server) to the config:

*.* @10.10.0.2:514
 

wizardfromoz

This would be better off in Server Linux, would it not?

Nina (and welcome :)) take a look through there and let me know which is most appropriate and I'll move you there.

Chris Turner
wizardfromoz
 

nina g

> Simple thing to do then would be to write it to two destinations.
>
> In your syslog conf on centos7,
>
> Your first destination would be (Ubuntu 20.04)
>
> *.* @10.10.0.1:514
>
> You append a 2nd destination (linux server) to the config:
>
> *.* @10.10.0.2:514

Understood and that makes sense to do the config on the centos7 alone. But is it possible, from the ubuntu, to forward the collected centos7 syslogs to another linux server?

I get that it's practical to just do the config on the centos7 itself but was wondering if this can be done from the ubuntu. If so, how?
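
One way to do the relay asked about above on the Ubuntu server itself, as an added example that is not part of any post in this thread. It assumes the CentOS 7 client's address is 10.10.0.5 (constructed for illustration), reuses 10.10.0.2 from the thread as the downstream Linux server, and uses a hypothetical file name:

```rsyslog
# /etc/rsyslog.d/60-relay-centos7.conf   (hypothetical file name)
# Assumes the Ubuntu server already has a syslog input enabled and is
# receiving the CentOS 7 client's messages, as described in the thread.
#
# 10.10.0.5 = CentOS 7 client (constructed address, replace with the real one)
# 10.10.0.2 = downstream Linux server (address used earlier in the thread)

# Select messages by the address they were received from. $fromhost-ip is
# filled in by the receiving rsyslog from the network connection, while the
# hostname inside a syslog message is whatever the sender chose to write.
# Messages generated on the Ubuntu server itself arrive with 127.0.0.1 and
# therefore do not match.
if $fromhost-ip == "10.10.0.5" then {
    action(type="omfwd"
           target="10.10.0.2"
           port="514"
           protocol="udp")
}

# No "stop" statement follows, so the matched messages continue through the
# remaining rules and are still written to the Ubuntu server's own log files.

# The same rule in the legacy syntax used elsewhere in this thread
# (a single @ means UDP, @@ means TCP):
#
# :fromhost-ip, isequal, "10.10.0.5" @10.10.0.2:514

# Caveat: over UDP the source address is not authenticated, so this filter
# is only as trustworthy as the network between client and relay.
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog on the Ubuntu server.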
 

wizardfromoz

Hang on to your hats and we'll take a magic carpet ride to General Server.
 

wizardfromoz

We have landed at General Server. Thank you for flying Air Wizard
 