6

How can I make it so log file is stored both remotely and locally using rsyslog?

Stefan Lasiewski
  • 23,667
  • 41
  • 132
  • 186
Kyle Brandt
  • 83,619
  • 74
  • 305
  • 448

3 Answers3

8

It looks like it's as simple as two lines in the config file:

*.* @loghost
*.* /var/log/messages

The rsyslog example configs have a few instances of teeing like this. The key one:

kern.* /var/adm/kernel
kern.crit @finlandia;RFC3164fmt
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info

The second statement directs all kernel messages of the priority crit and 
higher to the remote host finlandia.
[...]
The third rule directs these messages to the actual console, so the person 
who works on the machine will get them, too.
sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
5

Wouter de Bie had a good answer, but he showed the UDP method of sending logs. In order to send them over the more reliable (though not 100%) TCP use something like:

\*.* @@remote.server.ip
Jenny D
  • 27,780
  • 21
  • 75
  • 114
BillRoth
  • 57
  • 3
3

Put the following line in your /etc/rsyslog.d/remote.conf:

*.* @remote.server.ip

This can easily be extended for only logging specific facilities and levels to the remote server.

Wouter de Bie
  • 719
  • 5
  • 7
  • Won't this just send the logs to the remote server and not the local one? – Kyle Brandt Sep 15 '10 at 15:52
  • 3
    By default the configuration in Ubuntu for rsyslogd is done in /etc/rsyslog.conf. Here, local logging is already configured. Adding extra files in your /etc/rsyslog.d causes to log to a remote (or local) location as well. The /etc/rsyslog.d directory allows you to extend your configuration (not override it). – Wouter de Bie Sep 15 '10 at 17:26