How to set up forwarding syslog messages to another syslog server

In this article I will show the changes you can make to your syslog-ng.conf file in order to forward syslog messages to one or more remote syslog servers.

Start by adding the desired number of destinations. In this example we add two syslog machines (collector1 and collector2) and set up forwarding for system and internal messages (source s_sys). We also log all messages that this NetYCE machine receives through syslog (source net) to syslog-ng.log and forward those messages as well.

Type "sudo vi /etc/syslog-ng/syslog-ng.conf" and add the following configuration:
destination collector1 {
        network(
                "<remote-syslog-ip-goes-here>"
                port(514)
                transport("udp")
                ip-protocol(4)
        );
};

destination collector2 {
        network(
                "<remote-syslog-ip-goes-here>"
                port(514)
                transport("udp")
                ip-protocol(4)
        );
};

log {
        source(s_sys);
        destination(collector1);
        destination(collector2);
};

destination d_logs {
        file(
                "/var/opt/yce/logs/syslog-ng.log"
                owner("yce")
                group("nms")
                perm(0644)
        );
};

log {
        source(net);
        destination(d_logs);
        destination(collector1);
        destination(collector2);
};

If you are running a patch level higher than 23011601, your system will also be logging the following files in /var/opt/yce/logs/:

yce_action.log
yce_config.log
yce_task.log

If you would like to forward the contents of these log files as well, add the following:
source yce_logs {
        file("/var/opt/yce/logs/yce_action.log");
        file("/var/opt/yce/logs/yce_config.log");
        file("/var/opt/yce/logs/yce_task.log");
};

log {
        source(yce_logs);
        destination(collector1);
        destination(collector2);
};

After writing the .conf file, restart the syslog-ng daemon with "sudo systemctl restart syslog-ng". If there is a syntax error, "journalctl -xe" won't be of much help; locate the problem by running "syslog-ng -Fdev" instead.
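UDP forwarding gives the sender no confirmation of delivery, so it is worth checking on the collector that datagrams from this machine actually arrive. The script below is an added example, not part of the original article or of NetYCE: a small UDP listener that decodes the syslog priority of each received message. The function names and the test message are hypothetical.

```python
import re
import socket

# Facility and severity names indexed by their numeric codes (RFC 3164/5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"<(\d{1,3})>")

def parse_pri(datagram):
    """Split a syslog datagram into (facility, severity, rest); None if malformed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    rest = datagram[m.end():].decode("utf-8", "replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest

def open_listener(host="0.0.0.0", port=514, timeout=30.0):
    """Bind an IPv4 UDP socket, the receiving side of transport("udp") port(514)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    sock.settimeout(timeout)
    return sock

def receive_one(sock):
    """Return (sender_ip, parsed) for the next datagram, or None on timeout."""
    try:
        data, peer = sock.recvfrom(8192)
    except socket.timeout:
        return None
    return peer[0], parse_pri(data)

def send_test(host, port, text, pri=14):
    """Send one constructed test message; PRI 14 = facility user, severity info."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(b"<%d>%s" % (pri, text.encode()), (host, port))

if __name__ == "__main__":
    # Run on the collector while no other daemon is bound to UDP 514 (needs root).
    listener = open_listener()
    while True:
        got = receive_one(listener)
        if got is None:
            print("no datagram within 30 s: check routing, firewall and destination IP")
            break
        print(got)
```

The sender IP in each printed tuple should be the address of the forwarding NetYCE machine; a parsed value of None means the datagram did not start with a valid syslog priority.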
