Setting up a Central Syslog Server to listen on both TCP and UDP ports
This document (000020554) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise 15 SP3
was using the legacy syntax and the was not working for SLES 15 SP2 and SP3.
Example of legacy syntax for editing the /etc/rsyslog.d/remote.conf file.
Step 1 Use the modern syntax: Entries in /etc/rsyslog.d/remote.conf #TCP Example: module(load="imtcp") # needs to be done just once input(type="imtcp" port="514" address="192.168.86.232") #UDP Example: module(load="imudp") # needs to be done just once input(type="imudp" port="514" address="192.168.86.232") Step 2 Update they rsyslog.service to start after the network Copy /usr/lib/systemd/system/rsyslog.service to /etc/systemd/system/ In the unit section of /etc/systemd/system/rsyslog.service add these two lines: Wants=network.target network-online.target After=network.target network-online.target Note: Starting rsyslog a little later should not cause a loss of log messages as long as there is no log message flood that might overflow the kernels log ring buffer. Even if there is a log message flood before rsyslog starts, the kernel log ring buffer can be increased.
The upstream documentation for imtcp is here: https://rsyslog-doc.readthedocs.io/en/latest/configuration/modules/imtcp.html The upstream documentation for imudp is here: https://rsyslog.readthedocs.io/en/latest/configuration/modules/imudp.html
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020554
- Creation Date: 21-Jan-2022
- Modified Date:21-Jan-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: email@example.com