SYSLOG Forwarding

====Fowarding syslog stream tot a remote host====
Create the following a custom template directory:on your source server (example
mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf
and copy the existing template fragments to this new custom template directory:
where is the IP address of the remote host. Obviously this is an example and you should use the IP address of your real syslog collecting server.
To avoid unwanted mark messages to be send to the remote host, create the following custom template directory: mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog and create the following template-fragment within this directory: touch /etc/e-smith/templates-custom/etc/sysconfig/syslog/10NoMARKswith the following content # we don;t want the MARK ticks SYSLOGD_OPTIONS="-r -m 0"  The new template needs templates need to be expanded by:
expand-template /etc/syslog.conf
expand-template /etc/sysconfig/syslog
And restart syslog:
From here on, all syslog messages will be send to the remote host over port 514
On the remote host ( there a 2 actions required to be able to receive remote syslog messages:
* open UDP/TCP port 514
* forwarding incomming traffic from our syslog server ( on port 514 to localhost (
To uninstall the forwarding of syslog messages on your source server, remove the custom template directory:
rm -f /etc/e-smith/templates-custom/etc/syslog.conf
and restart syslog
service syslog condrestart

