SimonF Posted May 27, 2017

I found posts for pre-v6 and have tried to apply them to rsyslog.conf: *.* @@IP address, but it doesn't seem to forward log entries to my Splunk server. Is it possible with v6? Also, could it be a config item in future releases?

DeatheTongue Posted June 11, 2017 (edited)

@@host implies TCP transport; you may want @host for UDP delivery? I too am looking for a standardized way to permanently alter the rsyslog.conf; if you have a link I'd appreciate it.

Chip

Edited June 11, 2017 by DeatheTongue: typo

SimonF (Author) Posted August 16, 2017

Sorry for the delay in replying, Chip, but this is where I started:

daze Posted October 3, 2017

I forward to Splunk (free version) in a Docker on another machine. I have the following content in /boot/config/go:

```
# Destination to forward to (host:port)
SERVER="your-server-hostname-or-ip-here:1514"
# Uncomment the "#*.* @@" forwarding line in rsyslog.conf and insert $SERVER after the "@@"
/usr/bin/sed --in-place "s/^#\*\.\* \@\@/\*\.\* \@\@$SERVER/" /etc/rsyslog.conf
# Have rsyslogd reload its configuration
/etc/rc.d/rc.rsyslogd reload
```

Hope that helps someone. I'm sure the sed string work can be greatly simplified. Feel free to offer better alternatives.

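
An idempotent form of the rule edit discussed in this thread, as an added example that is not code from any of the posters: it sets one forwarding rule for either transport (@@ for TCP, @ for UDP) and can be re-run on every boot without stacking lines. The helper name set_forward, the sample line `#*.* @@remote-host:514` and the host splunk.example.net are assumptions made for illustration.

```shell
#!/bin/sh
# set_forward FILE HOST:PORT [tcp|udp]  (hypothetical helper, not from the thread)
# Ensures FILE holds exactly one "*.* @@HOST:PORT" (TCP) or "*.* @HOST:PORT"
# (UDP) rule. Assumes the legacy "selector action" rsyslog syntax.
set_forward() {
    sf_conf=$1
    sf_dest=$2
    case ${3:-tcp} in
        tcp) sf_at='@@' ;;   # double @ selects TCP
        udp) sf_at='@' ;;    # single @ selects UDP
        *) echo "unknown transport: $3" >&2; return 2 ;;
    esac
    # Accept only plain host:port characters so nothing needs escaping.
    case $sf_dest in
        ''|*[!A-Za-z0-9.:_-]*) echo "bad destination: $sf_dest" >&2; return 2 ;;
    esac
    sf_tmp=$(mktemp) || return 1
    # Replace the first "*.* @..." rule (commented out or live) with the new
    # one, drop any further ones, and append the rule if none existed.
    awk -v rule="*.* ${sf_at}${sf_dest}" '
        /^[ \t]*#?[ \t]*\*\.\*[ \t]+@/ { if (!done++) print rule; next }
        { print }
        END { if (!done) print rule }
    ' "$sf_conf" > "$sf_tmp" || { rm -f "$sf_tmp"; return 1; }
    # Write back through the original file so its owner and mode are kept.
    cat "$sf_tmp" > "$sf_conf"
    sf_rc=$?
    rm -f "$sf_tmp"
    return $sf_rc
}

# Demo on a constructed fragment, not the real /etc/rsyslog.conf.
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#*.* @@remote-host:514' > "$demo"
set_forward "$demo" "splunk.example.net:1514" tcp && cat "$demo"
rm -f "$demo"
```

On the system in this thread, the edit would be followed by the `/etc/rc.d/rc.rsyslogd reload` from daze's post so that rsyslogd picks up the new rule.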