HPE Community
Operating System - Linux
1755755 Members
3118 Online
108838 Solutions
New Discussion

can syslog forward to multiple syslog servers?

 
SOLVED
Go to solution
Doug O'Leary
Honored Contributor

‎08-20-2012 10:41 AM

‎08-20-2012 10:41 AM

can syslog forward to multiple syslog servers?

Hi;

 

The man pages don't seem to answer this question.  I have a client who's looking to install ossec but already has a syslog server.  They would like to forward the syslog messages from their linux boxes to their normal syslog server *and* the new ossec server. 

 

Does anyone know if either of these two lines will work?

 

*.* @loghost,@ossec_server

 

*.* @loghost

*.* @ossec_server

 

syslog won't forward messages that it receives from other systems; however, I'm sure I could work around that if needed.

 

Thanks for any hints/tips/suggestions.

 

Doug O'Leary


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
3 REPLIES 3
Matti_Kurkela
Honored Contributor

‎08-21-2012 01:37 AM

‎08-21-2012 01:37 AM

Solution

Re: can syslog forward to multiple syslog servers?

The first one may not work, as one syslog configuration line can normally specify only one destination (exception: "a comma-separated list of users" is considered a single destination). Of course, some Linux distributions may have a version of syslogd that has its configuration syntax enhanced to allow multiple destinations on a single line.

 

The second form should work as you requested and be acceptable to even the most traditional syslogd implementation you're likely to see in a Linux system.

MK
Reply
Patrick Wallek
Honored Contributor

‎08-21-2012 06:32 AM

‎08-21-2012 06:32 AM

Re: can syslog forward to multiple syslog servers?

As Matti says, the 2nd set of lines should work.  However, that is for the standard syslog daemon.

 

A lot of Linux distros are using SyslogNG which uses a completely different method and file for config. 

 

I would first verify if they are using Syslog or SyslogNG then determine how to configure it.l

Reply
Doug O'Leary
Honored Contributor

‎08-21-2012 12:39 PM

‎08-21-2012 12:39 PM

Re: can syslog forward to multiple syslog servers?

Hey

 

thank you both for the replies; appreciate it no end.

 

Doug O'Leary


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.