Rsyslog tip.

Share this link

When you are about to deploy an application, you’ve got a lot of problems to solve.
How are you going to deal with backups, monitoring, filtering admin connections?

One of these problems concerns the management of system and application messages.
There are many available options. One of them is to use rsyslog.

With rsyslog, you can store system and application messages into local files or/and send them to a remote server according to the configuration located in the /etc/rsyslog.conf file or the /etc/rsyslog.d directory.

However, what happens if your central rsyslog server is not available because of maintenance or failure? You loose all your platform messages during this time! This is not good.

But, there is a solution: you can perfectly configure two or several remote rsyslog servers in your client configuration (still in /etc/rsyslog.conf) as follows:

# ### begin forwarding rule ###
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
*.* @@remote-host1:514
$ActionExecOnlyWhenPreviousIsSuspended on
& @@remote-host2:514
& @@remote-host3:514
$ActionExecOnlyWhenPreviousIsSuspended off
# ### end of the forwarding rule ###

Then, check the syntax:

# rsyslogd -N 1
rsyslogd: version 7.4.7, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: warning: ~ action is deprecated, consider using the 'stop' statement instead [try ]
rsyslogd: End of config validation run. Bye.

This way, all the messages go to the remote-host1 server by default. If the remote-host1 server doesn’t answer, messages are sent to the remote-host2 server, then to the remote-host3 server if the previous server doesn’t reply.

You can find all the details in the tutorial about Configuring a system to log to a remote system.

There are certainly other options but this one is pretty simple and works fine.

Note: Rsyslog was an RHCE 6 objective but doesn’t appear in the RHCE 7 objectives anymore.

Posted in RHEL7

Leave a Reply

Be the First to Comment!

Notify of

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create two users "tom" and "engine". "tom" has the UID/GID 3000 and "engine" the UID/GID 4000. "engine" doesn't have an interactive shell.

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a default secure MariaDB database called maria and create a table named people with two columns respectively name varchar(20) and age int(10) unsigned.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...