0

An appliance has 2 interfaces. Would like to export syslog information using a particular interface ip address.

How to configure this in /etc/rsyslog.conf?

Kranthi
  • 1
  • 1

1 Answers1

-1

Here the way I have it in rsyslog.conf.
*.* @[ip address]:[optional port number]

[ip address] can be a hostname or an IP.
port number is optional. Omit the : if you are not using it.
Here is the way to set-up the route.
You need:
The CIDR of the IP Range to route. Ex 192.168.30.0/24
The IP Address to route to. Ex 192.168.30.250
The interface name of the network card with the IP address from above. Ex en0p2.

I'm on Redhat and the ifcfg files are in /etc/sysconfig/network-scripts. Not sure where yours may be.
cd /etc/sysconfig/network-scripts

create a file called route-[interface name] -or- route6-[interface name] for IPv6.

touch route-en0p2
Note: It is best to have the filename match the name of the ifcfg file. Such as: ifcfg-en0p2 and route-en0p2 -or- ifcfg-alternate_interface-en0p2 and route-alternate_interface-en0p2.
This isn't really required, but it makes it easier for the next gut who has to maintain the system. /rant

Add the routing information to this file: [CIDR] via [nic-ip] dev [interface name]
192.168.30.0/24 via 192.168.30.250 dev en0p2

Bring down the interface, then bring it back up:
ifdown en0p2
I like to wait a bit here. Many will argue it is not necessary. I do it any way -- just incase there was a long-running process I won't have to try it again. Personally, I sing the magical Sys-Admin song.
What? You don't have one? Need to work on that. :D

ifup en0p2

Now, I can view my routes:
netstat -rn
(Yes, there are other ways to view the rout. Use what ever command you want.)

When the machine boots up, it will automatically read the route file and se it up for you.

Pro tip: Yes, you can add the route without cycling the interface. I do it this way to be sure there are no 'gotchas' anywhere. IF there is an error, I'll see it when I bring the interface up and can fic it, instead of getting called in the middle of the night. /rant

Scottie H
  • 227
  • 2
  • 10
  • Is this 'ip address' server ip address or my device interface ip address? Because this configuration is to set the server ip I guess. – Kranthi Mar 06 '19 at 06:11
  • Yes. The IP address/port is where you want to send your logs. Your OS should be configured to rout that request through the correct interface. – Scottie H Mar 06 '19 at 23:19
  • 1
    This is obvious configuration for syslog export. So, my problem is the other way. I want to chose exactly through which interfaces the syslog should go. Don't want to give control to OS her. – Kranthi Mar 07 '19 at 02:43
  • First, set the external IP address. Normally, the OS will rout the request through the correct interface. If, for some reason, that isn't happening, you can set a route which will specify which interface to use. This setting does not go in rsyslog. It goes in your network configuration. I will update answer with this information shortly. (Haven't done it in a while. There are multiple ways.) – Scottie H Feb 11 '22 at 19:09