Re: can syslog forward to multiple syslog servers?

Doug O'Leary · ‎08-20-2012

Hi;

The man pages don't seem to answer this question. I have a client who's looking to install ossec but already has a syslog server. They would like to forward the syslog messages from their linux boxes to their normal syslog server *and* the new ossec server.

Does anyone know if either of these two lines will work?

*.* @loghost,@ossec_server

*.* @loghost

*.* @ossec_server

syslog won't forward messages that it receives from other systems; however, I'm sure I could work around that if needed.

Thanks for any hints/tips/suggestions.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html

Matti_Kurkela · ‎08-21-2012

The first one may not work, as one syslog configuration line can normally specify only one destination (exception: "a comma-separated list of users" is considered a single destination). Of course, some Linux distributions may have a version of syslogd that has its configuration syntax enhanced to allow multiple destinations on a single line.

The second form should work as you requested and be acceptable to even the most traditional syslogd implementation you're likely to see in a Linux system.

MK

Patrick Wallek · ‎08-21-2012

As Matti says, the 2nd set of lines should work. However, that is for the standard syslog daemon.

A lot of Linux distros are using SyslogNG which uses a completely different method and file for config.

I would first verify if they are using Syslog or SyslogNG then determine how to configure it.l

Doug O'Leary · ‎08-21-2012

Hey

thank you both for the replies; appreciate it no end.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: can syslog forward to multiple syslog servers?

can syslog forward to multiple syslog servers?