Send Logs to multiple syslog servers

rhel syslog

Previously we were using one logging server. But now we have added one extra logging server which will also be storing logs received from the client. I need to know how to add these two syslog servers to the client's syslog.conf file, so that both syslog servers receive the logs at the same time.

Thanks

Best Answer

As you have not specified, and also for the benefit of other readers, I will describe what to do using syslog-ng and rsyslog to have a server logging simultaneously to two remote syslog servers.

If you have syslog-ng logging to a central syslog server, modify /etc/syslog-ng.conf

As an example:

source s_src { unix-dgram("/dev/log"); internal();
         file("/proc/kmsg" program_override("kernel"));
};

destination d_loghost {udp("10.10.1.1" port(514));};
log { source(s_src); destination(d_loghost); };

To syslog to a 2nd destination, add:

destination d_loghost2 {udp("10.10.1.2" port(514));};
log { source(s_src); destination(d_loghost2); };

If running rsyslog, then it is actually simpler. The configuration file is /etc/rsyslog.conf

Where you find a destination:

*.* @10.10.1.1:514

you add a 2nd destination:

*.* @10.10.1.2:514

After changing the configuration, the syslog daemon on the client side needs to be restarted, using respectively:

sudo service syslog-ng restart

or

sudo service rsyslog restart

As the syslog daemon sends all messages to all configured destinations, unless you explicitly filter out services or log levels, you do not need to configure anything else [on the client side]. Both will receive exactly the same logs.
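An added example, not part of the original answer: a shell check to run after editing the rsyslog configuration, confirming that every expected loghost has an active (uncommented) forwarding rule. It assumes the legacy `selector @host:port` syntax shown above; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit legacy-syntax forwarding rules in an rsyslog config.

# Print "selector proto host port" for every forwarding rule in file $1.
# In rsyslog, "@host" forwards over UDP and "@@host" over TCP; the port
# defaults to 514 when omitted.
list_forwards() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out rules
        NF >= 2 && $2 ~ /^@@?[^@(]/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)                # strip the leading marker
            n = split(target, part, ":")
            port = (n > 1) ? part[2] : 514
            print $1, proto, part[1], port
        }
    ' "$1"
}

# Return 0 only if every host in $2.. is a forwarding target in file $1.
# Hosts without a rule are reported on stderr.
check_loghosts() {
    conf=$1; shift
    missing=0
    for host in "$@"; do
        if ! list_forwards "$conf" |
             awk -v h="$host" '$3 == h { found = 1 } END { exit !found }'; then
            echo "no forwarding rule for $host in $conf" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample config (not taken from a real host).
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# local files
authpriv.*    /var/log/secure
*.* @10.10.1.1:514
#*.* @10.10.1.3:514
*.* @10.10.1.2:514
EOF

list_forwards "$sample_conf"
check_loghosts "$sample_conf" 10.10.1.1 10.10.1.2 && echo "both loghosts configured"
```

On a real client, call `check_loghosts /etc/rsyslog.conf 10.10.1.1 10.10.1.2`. The protocol column also shows that both rules in the answer use UDP, which is not acknowledged by the receiver.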
