0

I have connected two of my computers to form a network, with only an ethernet cable between them. They are both Ubuntu 12.04, and can ping each other without a problem. For the logs, I want to forward IP address 10.0.0.1 and the want I want to send to is 10.0.0.2.

I wanted to redirect the logs via TCP, so in the client I added the following line to the /etc/rsyslog.conf file, as I read in many how to guides, as follows:

*.* @@10.0.0.2:514

Then in the machine with address 10.0.0.2, where I wanted the logs to be forwarded to I uncommented the lines below, again as I understand the correct configuration to be.

$ModLoad imtcp
$InputTCPServerRun 514

I can't see that I need to do anything else based on the guides I have read. I have restarted both machines, but I can't see anything in /var/log which suggests that another machines logs are being saved.

Where should they be being saved? Thanks for reading.

Mustafa Doe
  • 125
  • 1
  • 2
  • 7
  • Can you post the full configs of both the sender and the receiver? There may be directives like "~" which stop processing messages, or stuff like that. It's best if you can strip down the configs first, something like: -sender: $ModLoad imuxsock *.* @@10.0.0.2:514 -receiver $ModLoad imtcp $InputTCPServerRun 514 *.* /var/log/messages – Radu Gheorghe Dec 10 '13 at 15:49

1 Answers1

0

In the rsyslog configuration of 10.0.0.2, you should have some filters like :

*.* /var/log/syslog

See the Filter Conditions part of rsyslog documentation for more information.

Philippe
  • 1,206
  • 3
  • 13
  • 19