DEVHIDE
Login Or Sign up

send logs to multiple rsyslog servers

11.1k Views Asked by At

When I try to send data to multiple rsyslog servers, it is picking only the first forwarding rule and ignoring rest.

my rsyslog client conf file.

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& ~
###

### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###

if I comment forwading rule#1, it take rule#2.

rsyslog
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

From rsyslog documentation : ( http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/ )

The next line (“& ~”) is important: it tells rsyslog to stop processing the message after it was written to the log

So that (normaly) works :

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
###

### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###

Or Simply :

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& @@rsyslog1.abc.com:10514
###

Related Questions in RSYSLOG

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.