Rsyslog service config

V7.8.2003 doesn’t have a way to alter the rsyslog for sending logs, only receiving.

Could you explain in more detail what you expect and what you want, with some examples, a howto or documentation?

Ex: I have a syslog server already set up using Graylog on another device/vm. Neth is newly created and I want to send logs to it. Via Cockpit, I navigate to services, but the only options are to set up the reception of syslog messages.

Workaround: edit rsyslogd.conf to insert *.* @192.168.0.1 as per https://man7.org/linux/man-pages/man5/rsyslog.conf.5.html. I actually used *.* @@192.168.0.1 as I’m using TCP for syslog due to packet size cutoff.

Expectation: In Neth, a checkmark on the config for the service to SEND instead of RECEIVE, and then a destination to send to.

2 Likes

This is a very uncommon usage scenario for most NS installations.

Still, we have one instance configured to send logs to Graylog inside our infra.
Just create /etc/rsyslog.d/logremote.conf, with something like:

@@ -0,0 +1,9 @@
#
# rsyslog configuration -- send syslog to remote log server in a TLS encrypted channel
#
$PreserveFQDN on
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
{{ logremote_rules | join(",") }}    @@yourserver:XXXX;RSYSLOG_SyslogProtocol23Format

Substitute yourserver with the address of your server and XXXX with the TCP port.
The logremote_rules are expanded from this file (Jinja template from Ansible):

---
logremote_rules:
    - "local0.*"
    - "local1.*"
    - "local2.*"
    - "local3.*"
    - "local4.*"
    - "local5.*"
    - "local6.*"
    - "local7.*"
2 Likes
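An added example, not part of any post above: a small Python audit that classifies the three forwarding variants quoted in this thread (`@` UDP, `@@` plain TCP, `@@` over TLS with `anon`) by how the channel to the log server is protected. The names `audit`, `THREAD` and `HARDENED` are made up here, the samples are constructed from the quoted lines, the check assumes a directive applies to the forwarding actions after it, and `x509/name` with `$ActionSendStreamDriverPermittedPeer` is rsyslog's setting for authenticating the server, which the thread's config does not use.

```python
import re

# Legacy directives that decide how a following "@@host" action is protected.
TRACKED = {
    "actionsendstreamdrivermode": "mode",
    "actionsendstreamdriverauthmode": "auth",
    "actionsendstreamdriverpermittedpeer": "peer",
}
DIRECTIVE = re.compile(r"^\$(\w+)\s+(\S+)")
FORWARD = re.compile(r"^\S+\s+(@@?)([^\s;]+)")  # selector, @ or @@, target

def audit(conf):
    """Return (line_no, target, verdict) for every forwarding action.

    Assumption: a directive applies to the forwarding actions after it.
    """
    state = {"mode": None, "auth": None, "peer": None}
    results = []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if m := DIRECTIVE.match(line):
            key = TRACKED.get(m.group(1).lower())
            if key:
                state[key] = m.group(2)
        elif m := FORWARD.match(line):
            proto, target = m.groups()
            if proto == "@":
                verdict = "udp-plaintext"        # readable on the wire
            elif state["mode"] != "1":
                verdict = "tcp-plaintext"        # readable on the wire
            elif state["auth"] == "x509/name" and state["peer"]:
                verdict = "tls-authenticated"    # server name is verified
            elif state["auth"] == "anon":
                verdict = "tls-unauthenticated"  # encrypted, any server accepted
            else:
                verdict = "tls-check-authmode"
            results.append((no, target, verdict))
    return results

# Constructed samples built from the lines quoted in this thread.
THREAD = """\
*.* @192.168.0.1
*.* @@192.168.0.1
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon
local0.*,local1.* @@yourserver:XXXX;RSYSLOG_SyslogProtocol23Format
"""
HARDENED = THREAD.replace("AuthMode anon",
    "AuthMode x509/name\n$ActionSendStreamDriverPermittedPeer yourserver")
```

With `x509/name`, the server certificate has to chain to the CA file already named in the config and carry the permitted peer name, so the sender refuses a log server it cannot identify.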