In this article I will show the changes you can make to your syslog-ng.conf file in order to forward syslog messages to one or more remote syslog servers.
Start by adding the desired number of destinations. In this example we add two remote syslog servers and set up forwarding for system and internal messages (s_sys). We also write all messages that this NetYCE machine receives through syslog (net) to syslog-ng.log and forward those messages as well.
Type "sudo vi /etc/syslog-ng/syslog-ng.conf" and add the following configuration:
destination collector1 {
    network("<remote-syslog-ip-goes-here>" port(514) transport("udp") ip-protocol(4));
};
destination collector2 {
    network("<remote-syslog-ip-goes-here>" port(514) transport("udp") ip-protocol(4));
};
log {
    source(s_sys);
    destination(collector1);
    destination(collector2);
};
destination d_logs {
    file("/var/opt/yce/logs/syslog-ng.log" owner("yce") group("nms") perm(0644));
};
log {
    source(net);
    destination(d_logs);
    destination(collector1);
    destination(collector2);
};
If you are running a patch level higher than 23011601, your system will also be logging to the following files in /var/opt/yce/logs/:
yce_action.log
yce_config.log
yce_task.log
If you would like to forward the contents of these log files as well, add the following:
source yce_logs {
    file("/var/opt/yce/logs/yce_action.log");
    file("/var/opt/yce/logs/yce_config.log");
    file("/var/opt/yce/logs/yce_task.log");
};
log {
    source(yce_logs);
    destination(collector1);
    destination(collector2);
};
After writing the .conf file, restart the syslog-ng daemon with "sudo systemctl restart syslog-ng". If there is a syntax error, "journalctl -xe" won't be of much help, so locate the problem by running "syslog-ng -Fdev" instead, which runs syslog-ng in the foreground and prints debug output to the terminal.
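A successful restart only proves the configuration parses. UDP forwarding gives the sender no delivery confirmation, so the following added example (not part of the original article) is a small test listener to run on a collector to confirm that messages arrive and carry the expected facility and severity. The function names, the 30-second timeout and the use of "logger" on the sender to generate a test message are assumptions made for this example.

```python
import re
import socket

# Facility and severity names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity, rest) or None if the <PRI> header is missing or invalid."""
    match = PRI_RE.match(datagram)
    if not match or int(match.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    pri = int(match.group(1))
    rest = datagram[match.end():].decode("utf-8", "replace").rstrip("\r\n")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest


def open_collector(host="0.0.0.0", port=514):
    """Bind an IPv4 UDP socket, matching transport("udp") ip-protocol(4) port(514)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def receive_one(sock, timeout=5.0):
    """Wait for one datagram; return (sender_ip, decoded) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(8192)
    except socket.timeout:
        return None
    return peer[0], decode_pri(data)


if __name__ == "__main__":
    # Run on the collector with its own syslog daemon stopped (binding port 514
    # needs root), then generate a message on the sender, e.g.: logger "forwarding test"
    collector = open_collector()
    while True:
        got = receive_one(collector, timeout=30.0)
        print(got if got else "nothing received in 30 s: check IP, routing and firewalls")
```

The sender address in each result should be the NetYCE machine; a timeout with no output means the datagrams were dropped somewhere on the path, which the sender itself cannot detect.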