[Lubuntu] Simple configuration for remote logging with rsyslogd

Mon Dec 3 22:36:47 UTC 2012

On 11/30/2012 4:47 PM, John Hupp wrote:
> On Lubuntu Quantal, it looks like rsyslogd is installed with a certain 
> configuration -- probably just for local logging -- but is not set to 
> auto-start.
>
> I'm trying to set up remote logs for an LTSP client (to log to the 
> LTSP server) for the sake of troubleshooting a client boot problem.  
> The LTSP manual has this sample for syslog-ng's configuration file 
> /etc/syslog-ng/syslog-ng.conf:
>
>     source net-udp { udp(); };
>     destination remote { file("/var/log/remote/$FULLHOST"); };
>     log { source(net-udp); destination(remote); };
>
> Does anyone know if the rsyslogd would use the same statements in its 
> configuration file?
>
I having a working recipe for this(and I was wrong about rsyslog not 
auto-starting-- it is good to go):

To accomplish forwarding of syslog messages by TCP (rather than by UDP 
or RELP):

In /etc/rsyslog.conf for the client machine add this to the end of the file:
*.*   @@<server's IP address>:10514

For an LTSP network, if it is a standard LTSP 5 setup with a chroot 
environment, then just edit the file as above and update the image.

For an LTSP network with an LTSP-PNP setup it is trickier.  For 
temporary troubleshooting you can just modify /etc/rsyslog.conf, update 
the client NBD image, then edit /etc/rsyslog.conf again with the 
settings required for the server.  If you want a permanent forwarding 
setup that will not be overwritten by image updates, then you would 
probably write a script in /usr/share/ltsp/init-ltsp.d that modifies 
/etc/rsyslog.conf in place on-the-fly during bootup (using the stream 
editor command "sed").  But I have not had a successful experience with 
that yet, so I merely toss that out as a lead.

-------------------

In /etc/rsyslog.conf for the server where you want the messages 
forwarded, un-comment these two lines in rsyslog.conf:
$ModLoad imtcp
$InputTCPServerRun 10514

This much alone on the server will cause forwarded messages to be 
received on the server and incorporated in the standard log file at 
/var/log/syslog.  But they will be added to the messages that are logged 
for the server itself.  That may do for your purposes since all messages 
are tagged with the host name, but you can also have the messages 
written to another file by adding these lines to rsyslog.conf:

if $fromhost-ip startswith '192.168.1.' then /var/log/ltspclientlog
& ~

Substitute whatever client IP address applies in your situation. The 
above command will separately log received messages from any client with 
IP 192.168.1.xxx.  Also substitute whatever log name you would like for 
my choice of "ltspclientlog."

The configuration above will cause the client syslog messages to be 
logged in both /var/log/ltspclientlog and /var/log/syslog.  I don't know 
why.  The "& ~" command is supposed to stop further processing of the 
message after it is written to ltspclientlog. Perhaps I misunderstood 
the documentation and forwarded messages are *always* written to syslog, 
and then perhaps other files as well.  Or perhaps LTSP has some 
functionality in it that causes forwarded messages to be written to syslog.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/lubuntu-users/attachments/20121203/e47f0e22/attachment.html>