Wednesday, January 22, 2014

UDP only rsyslog server and client on Ubuntu

The first thing you'll need to do is install a new version of rsyslog. There's a bug in the version that comes along with Ubuntu 12.04 that prevents rsyslog from listening on a privileged port if you're using drop-privileges. You can read instructions for installing a newer version of rsyslog here. Once you've done that, open up /etc/rsyslog.conf and uncomment the following lines:

#$ModLoad imudp
#$UDPServerRun 514

Restart rsyslog and you're done on the server. Now head over to a client and open up /etc/rsyslog.d/50-default.conf and make the following addition to the top of the file:

*.* @your_server:514

Note that the single @ sign is what tells rsyslog to send over UDP only (a double @@ would forward over TCP instead). Restart rsyslog on the server and you can test to see if logs are being sent using the logger command:

logger -t TEST testing
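Because UDP gives no delivery feedback, logger exits cleanly even when a directive is still commented out or a rule was written with @@ by mistake. The following is an added example, not part of the original post, that checks both edits; the function names are hypothetical and it only understands the legacy $ModLoad / $UDPServerRun directives and @ / @@ forwarding actions shown above.

```shell
#!/bin/sh
# Added example: sanity-check the two config edits described in this post.

# Print the UDP port the server config listens on. Returns non-zero if
# imudp is not loaded or $UDPServerRun is still commented out.
udp_listen_port() {
    conf=$1
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp([[:space:]]|$)' "$conf" || return 1
    port=$(sed -nE 's/^[[:space:]]*\$UDPServerRun[[:space:]]+([0-9]+).*/\1/p' "$conf" | head -n 1)
    [ -n "$port" ] && echo "$port"
}

# List every active forwarding rule in a client config as
# "udp host:port" (single @) or "tcp host:port" (double @@).
# Commented-out rules are ignored.
forward_targets() {
    awk '
        /^[[:space:]]*#/ { next }
        $2 ~ /^@@/ { print "tcp " substr($2, 3); next }
        $2 ~ /^@/  { print "udp " substr($2, 2) }
    ' "$1"
}

# Stand-alone use: pass the server config and the client config, e.g.
#   sh check.sh /etc/rsyslog.conf /etc/rsyslog.d/50-default.conf
if [ "$#" -eq 2 ]; then
    if port=$(udp_listen_port "$1"); then
        echo "server: UDP listener configured on port $port"
    else
        echo "server: no active imudp listener in $1"
    fi
    echo "client forwarding rules in $2:"
    forward_targets "$2"
fi
```
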
