Page 1 of 2
Send same log to 2 different NLS Setup
Posted: Wed Feb 13, 2019 11:56 pm
by Sampath.Basireddy
Hi There,
Is it possible to configure rsyslog to forward same logfile to 2 different NLS instances?
Thank You.
Re: Send same log to 2 different NLS Setup
Posted: Thu Feb 14, 2019 11:27 am
by cdienger
It is. Simply add a new line to the config. For example:
if $programname == 'apache_access' then @host:5544
if $programname == 'apache_access' then @@anotherhost:5544
Your config will likely look different depending on which logs you're sending. Our scripts place rsyslog config in /etc/rsyslog.d/.
Re: Send same log to 2 different NLS Setup
Posted: Tue Feb 19, 2019 11:36 pm
by Sampath.Basireddy
Tried adding that, but no luck. I still don't see logs on the new NLS destination. Existing NLS destination is receiving just fine.
Although some other logs are being successfully sent to new destination from the very same server, except this one log.
PM'd you the rsyslog conf and Global Config screenshot.
Re: Send same log to 2 different NLS Setup
Posted: Wed Feb 20, 2019 10:51 am
by cdienger
Did you restart rsyslogd after making the change? Also be aware that @ tells rsyslog to use udp to send the traffic and @@ is for tcp - you may need to allow this through a firewall if it isn't already.
Re: Send same log to 2 different NLS Setup
Posted: Wed Feb 20, 2019 12:53 pm
by Sampath.Basireddy
Hello
@cdienger,
Yes, rsyslogd service was restarted and also traffic is allowed on tcp port 5544 from server to NLS.
There is another log on the same server which is being sent successfully to NLS on port 5544.
I will PM you the rsyslog conf files.
Re: Send same log to 2 different NLS Setup
Posted: Wed Feb 20, 2019 2:02 pm
by Sampath.Basireddy
@cdienger, Sent you couple of PMs. Can you please check.
Re: Send same log to 2 different NLS Setup
Posted: Wed Feb 20, 2019 3:21 pm
by cdienger
The configuration looks good. What is the output of "rsyslogd -N 1" ?
Re: Send same log to 2 different NLS Setup
Posted: Wed Feb 20, 2019 4:36 pm
by Sampath.Basireddy
Here is the output of rsyslogd -N 1 from server:
Code: Select all
[root@server1 ~]# rsyslogd -N 1
rsyslogd: version 5.8.10, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c5 as the first rsyslogd option.
rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad immark
rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: MarkMessagePeriod 1200
rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock
rsyslogd: End of config validation run. Bye.
[root@server1 ~]#
Re: Send same log to 2 different NLS Setup
Posted: Thu Feb 21, 2019 12:53 pm
by cdienger
Sent a PM. Can you try changing the hostnames in the config to use IPs instead ? Make sure to restart rsyslog afterwards. I'd also like to get a full copy of the rsyslog.conf and /etc/rsyslog.d/ directory.
Re: Send same log to 2 different NLS Setup
Posted: Tue Feb 26, 2019 11:04 am
by Sampath.Basireddy
Hi
@cdienger,
Sent you a PM with full copy of the rsyslog.conf and /etc/rsyslog.d/ directory.