May 27, 20179 yr I found posts for pre v6 and have tried to apply to rsyslog.conf *.* @@IP address but doesnt seem to forward log entries to my splunk server. is it possible with v6? also could it be a config item in future releases?
June 11, 20179 yr @@host implies tcp transport, you may want @host for udp delivery? I too am looking for a standardized way to permanently alter the rsyslog.conf if you have a link I'd appreciate it. Chip Edited June 11, 20179 yr by DeatheTongue typo
October 3, 20178 yr I forward to Splunk (free version) in a Docker on another machine. I have the following content in /boot/config/go: SERVER="your-server-hostname-or-ip-here:1514" /usr/bin/sed --in-place "s/^#\*\.\* \@\@/\*\.\* \@\@$SERVER/" /etc/rsyslog.conf /etc/rc.d/rc.rsyslogd reload Hope that helps someone. I'm sure the sed string work can be greatly simplified. Feel free to offer better alternatives.
Archived
This topic is now archived and is closed to further replies.