Daniel_55334
May 20, 2008

direct ALL logs on LTM to remote server

By default the log file /var/log/tmm is not configured in the syslog-ng.conf file and so is not directed to a remote syslog server (I have configured it to direct all logs to a syslog server). I am not sure if there are other log files that are not included in syslog-ng.conf.

Is there a convenient way of directing any messages that LTM generates to a remote syslog server?
  • Deb_Allen_18
    Historic F5 Account
    I see this reference to /var/log/tmm in the syslog-ng.conf on my system (no mods):

      # capture output from tmm and put it in /var/log/tmm
      source s_tmm {
         pipe("/var/run/tmm.pipe");
      };
      destination d_tmm {
         file("/var/log/tmm" create_dirs(yes));
      };
      log {
         source(s_tmm);
         destination(d_tmm);
      };
      

    The most reliable way to direct all of these messages to a remote server would be to re-define the destination stanza.

    HTH

    /deb
  • I found this in an AskF5 solution.

    Direct all log information to remote syslog server

      destination remote_server {
         udp("x.x.x.x" port (514));
      };
      filter f_alllogs {
         level (debug...emerg);
      };
      log {
         source(local);
         filter(f_alllogs);
         destination(remote_server);
      };


    However, it does not really direct ALL logs, e.g. I did not find tmm messages in the syslog server. Do I need to add the syslog server to every destination parameter in order to direct all logs? e.g.

      source s_tmm {
         pipe("/var/run/tmm.pipe");
      };
      destination d_tmm {
         file("/var/log/tmm" create_dirs(yes));
         udp("10.10.10.10" port (514));
      };
      log {
         source(s_tmm);
         destination(d_tmm);
      };
  • Hi,

    On LTM v9.4.3 and later you will find that /etc/syslog-ng/syslog-ng.conf is actually a symlink to /var/run/config/syslog-ng.conf and will therefore be rewritten at boot time. The settings are instead loaded from the BigDB.

    To forward all syslog events to a remote syslog server you can use the following statements to update the bigdb (and current config):

      bigpipe syslog remote server
      bigpipe syslog remote port 514
      bigpipe syslog local ip

    Obviously, you'll still need to set up syslog(ng) on your remote server to distinguish between the syslog facilities (and any other custom filters you wish to add).

    Rob.
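
Added example (not part of any post in this thread, and not F5 code): a small audit of a syslog-ng configuration that reports which defined sources never reach a network destination, which is the gap the thread describes for the tmm pipe. The function name `audit_remote_coverage`, the `source local` definition and the address 192.0.2.10 are assumptions constructed for the illustration; the parser assumes flat stanzas without nested braces or `#` inside strings.

```python
import re

# Constructed sample mirroring the stanzas quoted in the thread. The
# "source local" body and the address 192.0.2.10 are placeholders.
SAMPLE_CONF = r'''
source local { unix-stream("/dev/log"); internal(); };
# capture output from tmm and put it in /var/log/tmm
source s_tmm { pipe("/var/run/tmm.pipe"); };
destination d_tmm { file("/var/log/tmm" create_dirs(yes)); };
destination remote_server { udp("192.0.2.10" port (514)); };
filter f_alllogs { level (debug...emerg); };
log { source(s_tmm); destination(d_tmm); };
log { source(local); filter(f_alllogs); destination(remote_server); };
'''

# Destination drivers that send messages off the box.
NETWORK_DRIVERS = re.compile(r'\b(?:udp6?|tcp6?|syslog|network)\s*\(')
# "source NAME { ... };" and "destination NAME { ... };" definitions.
BLOCK = re.compile(r'\b(source|destination)\s+([\w.-]+)\s*\{(.*?)\}\s*;', re.S)
# "log { ... };" paths and the source(...)/destination(...) references in them.
LOG_PATH = re.compile(r'\blog\s*\{(.*?)\}\s*;', re.S)
REF = re.compile(r'\b(source|destination)\s*\(\s*([\w.-]+)\s*\)')


def audit_remote_coverage(conf_text):
    """Map each defined source name to True if some log path sends it to a
    destination that uses a network driver, otherwise False."""
    text = re.sub(r'#[^\n]*', '', conf_text)  # drop comments
    sources, remote_dests = set(), set()
    for kind, name, body in BLOCK.findall(text):
        if kind == 'source':
            sources.add(name)
        elif NETWORK_DRIVERS.search(body):
            remote_dests.add(name)
    covered = set()
    for body in LOG_PATH.findall(text):
        refs = REF.findall(body)
        srcs = {name for kind, name in refs if kind == 'source'}
        dsts = {name for kind, name in refs if kind == 'destination'}
        if dsts & remote_dests:  # this path has at least one remote sink
            covered |= srcs
    return {name: name in covered for name in sorted(sources)}


if __name__ == '__main__':
    for name, ok in audit_remote_coverage(SAMPLE_CONF).items():
        print(f"{name}: {'forwarded' if ok else 'LOCAL ONLY'}")
```

Any source reported as local only is a log stream a remote collector will never see, so its messages exist only on the device itself.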