General Information
Rsyslog administration and config.
Checklist
How to send syslogs to a remote system using the RELP (Reliable Event Logging Protocol) module.
Install the RELP module
yum -y install rsyslog-relp
Edit /etc/rsyslog.conf:
#### Modules #### # Provides RELP syslog reception $ModLoad imrelp $InputRELPServerRun 10514 #### Rules #### ## Remote and local logging for local1 rule ## local1.* /opt/myapp/logs/applog.log
Restart rsyslog service
service rsyslog restart
Create a directory to save spool files
mkdir -p /var/spool/rsyslog chmod 700 -R /var/spool/rsyslog
Edit /etc/rsyslog.conf
## Load Module ## $ModLoad omrelp ## Spool directory for all rules ## $WorkDirectory /var/spool/rsyslog ## Local 1 forwarding rules ## $ActionQueueFileName srvfwd-local1 # set rule's spool file name, also enables disk mode $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down $ActionQueueType LinkedList # use asynchronous processing $ActionResumeRetryCount -1 # infinite retries on insert failure local1.* :omrelp:10.1.2.3:10514 ## End local 1 rules ##
Restart rsyslog service
service rsyslog restart
Send test messages from client
logger -p local1.info "testing local1"
Check logs on receiver
grep testing /opt/myapp/logs/applog.log