Line 1: |
Line 1: |
| ==SME8.x== | | ==SME8.x== |
| ====Fowarding syslog stream tot a remote host==== | | ====Fowarding syslog stream tot a remote host==== |
− | Create the following a custom template directory: | + | Create the following a custom template directory on your source server (example 192.168.1.1) |
| mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf | | mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf |
| and copy the existing template fragments to this new custom template directory: | | and copy the existing template fragments to this new custom template directory: |
Line 15: |
Line 15: |
| where 192.168.1.170 is the IP address of the remote host. Obviously this is an example and you should use the IP address of your real syslog collecting server. | | where 192.168.1.170 is the IP address of the remote host. Obviously this is an example and you should use the IP address of your real syslog collecting server. |
| | | |
− | The new template needs to be expanded by: | + | To avoid unwanted mark messages to be send to the remote host, create the following custom template directory: |
| + | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog |
| + | |
| + | and create the following template-fragment within this directory: |
| + | touch /etc/e-smith/templates-custom/etc/sysconfig/syslog/10NoMARKs |
| + | with the following content |
| + | # we don;t want the MARK ticks |
| + | SYSLOGD_OPTIONS="-r -m 0" |
| + | |
| + | |
| + | The new templates need to be expanded by: |
| expand-template /etc/syslog.conf | | expand-template /etc/syslog.conf |
− | | + | expand-template /etc/sysconfig/syslog |
| | | |
| And restart syslog: | | And restart syslog: |
Line 23: |
Line 33: |
| From here on, all syslog messages will be send to the remote host over port 514 | | From here on, all syslog messages will be send to the remote host over port 514 |
| | | |
| + | On the remote host (192.168.1.170) there a 2 actions required to be able to receive remote syslog messages: |
| + | * open UDP/TCP port 514 |
| + | * forwarding incomming traffic from our syslog server (192.168.1.1) on port 514 to localhost (127.0.0.1) |
| + | |
| + | |
| + | =====Uninstall===== |
| + | To uninstall the forwarding of syslog messages on your source server, remove the custom template directory: |
| + | rm -f /etc/e-smith/templates-custom/etc/syslog.conf |
| + | and restart syslog |
| + | service syslog condrestart |
| | | |
| | | |