I am in the preliminary stages of creating a failover rsyslog.conf for all our Redhat 6 and 7 clients (default rsyslogd 5.8.10 and 8.24.0), using this page (and others) as a starting point, but I am unable to get the failover to work on either version. https://www.rsyslog.com/doc/master/tutorials/failover_syslog_server.html
Here is the basic config the top section is pretty standard what ships with Redhat 6: $ModLoad imuxsock $ModLoad imklog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg * uucp,news.crit /var/log/spooler local7.* /var/log/boot.log ### Failover #### *.* @@192.168.1.10:616 $ActionExecOnlyWhenPreviousIsSuspended on & @@192.168.1.11:616 & /var/log/localbuffer $ActionExecOnlyWhenPreviousIsSuspended off To test I run a simple for loop and write about a 1000 lines in /var/log/messages and monitor traffic to both remote servers. I then place an outbound Iptables rule to block all access to .10. Logging in /var/log/messages stops after about 200 or so lines and nothing is ever sent to the second (.11) server. Thinking that maybe the Iptables rule may not accurately reflect a unreachable server, I unplugged the Ethernet cable on .10 and the failover still does not work. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
