Rsyslog service config

V7.8.2003 doesn’t have a way to alter the rsyslog for sending logs, only receiving.

Could you explain longer what you expect, what you want with some examples with howto or documentation.

Ex: I have a syslog server already set up using Graylog on another device/vm. Neth is newly created and I want to send logs to it. Via Cockpit, I navigate to services, but the only options are to set up the reception of syslog messages.

Workaround: edit rsyslogd.conf to insert *.* @ as per I actually used *.* @@ as I’m using tcp for syslog due to packet size cutoff.

Expectation: In Neth, a checkmark on the config for the service to SEND instead of RECEIVE, and the a destination to send to:


This is a very uncommon usage scenario for most of NS installation.

Still we have one instance configured to send logs to graylog inside our infra.
Just create /etc/rsyslog.d/logremote.conf, with something like:

@@ -0,0 +1,9 @@
# rsyslog configuration -- send syslog to remote log server in a TLS encrypted channel
$PreserveFQDN on
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
{{ logremote_rules | join(",") }}    @@yourserver:XXXX;RSYSLOG_SyslogProtocol23Format

Substitute yourserver with the addess of your server and XXXX with the TCP port.
The logremote_rules are expanded from this file (jinja template from ansible):

    - "local0.*"
    - "local1.*"
    - "local2.*"
    - "local3.*"
    - "local4.*"
    - "local5.*"
    - "local6.*"
    - "local7.*"