0

Everything else is being logged to the central rsyslog server but not the /var/log/messages of the rsyslog client.

server: learn -> 192.168.1.100

client: server101 -> 192.168.1.200

From the rsyslog server:

[root@learn ~]# ls -l /var/log/server101/
total 320
-rw------- 1 root root    775 Apr 28 09:46 clamd.log
-rw------- 1 root root   2596 Apr 28 09:45 CROND.log
-rw------- 1 root root 267683 Apr 28 09:48 kernel.log
-rw------- 1 root root    276 Apr 28 09:47 named.log
-rw------- 1 root root    209 Apr 28 09:37 opendkim.log
-rw------- 1 root root    426 Apr 28 09:42 phpMyAdmin.log
-rw------- 1 root root   2036 Apr 28 09:12 polkitd.log
-rw------- 1 root root   4758 Apr 28 09:37 postfix.log
-rw------- 1 root root   2174 Apr 28 09:13 rsyslogd.log
-rw------- 1 root root    699 Apr 28 09:37 sshd.log
-rw------- 1 root root   4645 Apr 28 09:45 systemd.log
-rw------- 1 root root    237 Apr 28 09:37 systemd-logind.log

From the rsyslog client, /var/log/messages file is being written with logs locally.

*.* @192.168.1.100:514 is already added on /etc/rsyslog.conf of the client server101 to forward all locally generated log messages to the remote rsyslog server learn

Not sure what is missing here.

vjwilson
  • 129
  • 1
  • 6
  • Do you have a configuration anywhere on learn telling it to write to /var/log/messages? The server sending the message can't tell the receiver what filename to use. Syslog simply doesn't work like that. –  Apr 28 '20 at 12:52
  • @yoonix: yes indeed `[root@learn ~]# grep "/var/log/messages" /etc/rsyslog.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages` – vjwilson Apr 30 '20 at 14:25

0 Answers0