MonitorWare Knowledge Base

Hi all,

Systems information:
Debian 5.0
various hardware configurations
class B network
no intermediate firewalls

After much frustration I finally got the remote server to receive messages from client systems however the messages are all going to the listening system's log files which is very undesirable.

On the server I have no directories or files in /var/log/remote. And, all I want to do is log *everything* from the client:/var/log to the server.

What am I doing incorrectly?

Anthony

Server Config

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender TCP, 128.198.e.0/24, 128.198.a.b, 128.198.c.d


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755

$CreateDirs on
$FailOnChownFailure off

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

... rest is stock Debian

Client Config
file: rsyslog.d/remote.conf
$WorkDirectory /var/log/work

$ActionQueueType LinkedList
$ActionQueueFileName srvrfwd
$ActionQueueRetryCount -1
$ActionQueueSaveOnShutdown on

$template remotefile,"/var/log/remote/%HOSTNAME%/%YEAR%/%MONTH%/log-%NOW%"
*.* @@server-ip remotefile

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?