Sending logs to a centralized rsyslog server
You’ve already taken the first step toward streamlined log handling by configuring syslog on the main-rsyslog server. But how do you know that the main-rsyslog server is receiving the logs? Logs can be sent from a remote client system to a main-rsyslog server by activating and configuring the rsyslog output module (main-rsyslog).
In this example, the client01 machine uses the rsyslog output module, omfwd, to transmit logs to the main-rsyslog server.
To process messages and logs, the omfwd module must be installed (it will be already, because it is built into rsyslog). It can be used in conjunction with rsyslog templates, which control the format of the forwarded messages. Finally, the module uses the rsyslog action object to transmit the data over UDP or TCP to the specified destinations.
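How the template, the action object and omfwd fit together, as an added example that is not the configuration this page goes on to show. It assumes main-rsyslog resolves from client01 and listens on port 514/tcp; the template name FwdFormat and the queue file name are hypothetical.

```conf
# Added example, not the page's own settings.
# Assumptions: main-rsyslog resolves by name and accepts syslog on 514/tcp.

# Template: the wire format of each forwarded message
# (same layout as rsyslog's built-in forwarding format, RFC 3339 timestamps).
template(name="FwdFormat" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

# Weak variant, left commented out: UDP is fire-and-forget, so messages sent
# while main-rsyslog is unreachable are lost without any error on the client.
# action(type="omfwd" target="main-rsyslog" port="514" protocol="udp")

# Preferred variant: TCP plus a disk-assisted queue. If main-rsyslog is down,
# messages are buffered (up to 1 GB, kept across restarts) and delivery is
# retried indefinitely instead of the action being suspended and data dropped.
# An action with no filter in front of it applies to every message.
action(type="omfwd"
       target="main-rsyslog"
       port="514"
       protocol="tcp"
       template="FwdFormat"
       queue.type="LinkedList"
       queue.filename="fwd_main_rsyslog"
       queue.maxDiskSpace="1g"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

Running `rsyslogd -N1` on the client checks the configuration syntax before the service is restarted.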
Set up the client machine so that it can submit logs to the main-rsyslog server.
Create a new rsyslog configuration (/etc/rsyslog.d/20-forward-logs.conf) in your preferred text editor and enter the settings shown in...