Not sure if the localmachine is not sending or the remote not receiving. But it appears the logs expected to show up on the remote are not there.
Both ends are gentoo linux, I'm not at all familiar with rsyslog but hoped I set it up right according to what I see on the example file and at: http://wiki.rsyslog.com/index.php/Very_simple_config_--_starting_point_for_modifications Local and remote configs appear in full [inlined] at the end. Just a few lines (including commented ones) from local conf that I hoped were what I needed to send the logs: # Remote Logging (we use TCP for reliable delivery) # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. $WorkDirectory /var/rsyslog/spool # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinety retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host The above last 2 commented lines would be less confusing of they used the same notation for remote host in both instances. remote host remote-host Appears to be talking about two different things *.* @@remote-host So is that really all it needs? ------- --------- ---=--- --------- -------- Now a few lines from the remote rsyslog.conf # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) $ModLoad imtcp.so # load module # Note: as of now, you need to use the -t command line option to # enable TCP reception (e.g. -t514 to run a server at port 514/tcp) # This will change in later v3 releases. That is all it appears to indicate is needed to receive logs. And this (the remote) instance of rsyslog is being started with -c3 -t514 flags. ------- --------- ---=--- --------- -------- Complete LOCAL rsyslog conf: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # [HP 112609_192532 Line above will cause rsyslog to use the previous # sysklogd date/time instead of the obnoxious but precision `new' format] #] # rsyslog v3: load input modules # If you do not load inputs, nothing happens! # You may need to set the module load path if modules are not found. $ModLoad immark.so # provides --MARK-- message capability $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # kernel logging (formerly provided by rklogd) # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none -/var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/mail.log # Log cron stuff cron.* -/var/log/cron.log # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit -/var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log *.debug;mail.none;news.none -/var/log/debug.log # Remote Logging (we use TCP for reliable delivery) # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. $WorkDirectory /var/rsyslog/spool # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinety retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional # remote host is: # logsrv:512 # e.g. 192.168.0.1:514, port optional *.* @@192.168.0.26:514 # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) #$ModLoad imtcp.so # load module # Note: as of now, you need to use the -t command line option to # enable TCP reception (e.g. -t514 to run a server at port 514/tcp) # This will change in later v3 releases. # UDP Syslog Server: #$ModLoad imudp.so # provides UDP syslog reception #$UDPServerRun 514 # start a UDP syslog server at standard port 514 ------- --------- ---=--- --------- -------- Complete remote rsyslog.conf $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # [HP 112609_192532 Line above will cause rsyslog to use the previous # sysklogd date/time instead of the obnoxious but precision `new' format] #] # rsyslog v3: load input # If you do not load inputs, nothing happens! # You may need to set the module load path if modules are not found. $ModLoad immark.so # provides --MARK-- message capability $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # kernel logging (formerly provided by rklogd) # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none -/var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/mail.log # Log cron stuff cron.* -/var/log/cron.log # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit -/var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log *.debug;mail.none;news.none -/var/log/debug.log # Remote Logging (we use TCP for reliable delivery) # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$WorkDirectory /rsyslog/spool # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinety retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) $ModLoad imtcp.so # load module # Note: as of now, you need to use the -t command line option to # enable TCP reception (e.g. -t514 to run a server at port 514/tcp) # This will change in later v3 releases. # UDP Syslog Server: #$ModLoad imudp.so # provides UDP syslog reception #$UDPServerRun 514 # start a UDP syslog server at standard port 514 _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
