1

I'm trying to configure a central syslog server running rsyslog. I've set up the configuration so that it is capturing the firewall logs from our Cisco router.

We have an NFS share attached to the syslog server. I'd like to store the logs here, but every time I try to set it as the store location for the logs I stop receiving the logs from the router. Is it possible to use another directory other than /var/log to store logs?

3
  • 1
    1) Have you configured it in the rsyslog configuration file? 2) Is write-by-root access allowed on the NFS server? (You may need special setup for the latter case.) Commented Nov 17, 2017 at 14:35
  • 1
    Try running with debug, sudo rsyslogd -dn to see if it provides any messages. Add the relevant lines from your nfs exports, and the syslog config to your post if you want better answers. Commented Nov 17, 2017 at 15:34
  • Did you set permissions on the new directory correctly? Commented Nov 18, 2017 at 7:56

1 Answer

0

One solution would be to set up a cron job (or systemd.timer) to rsync everything in /var/log/ to the NFS share at regular intervals.

That way, you'll also have an extra set of logs, in case the log server or NFS share goes down for some reason.

2
  • 1
    I think it's not a smart solution and not an answer to the question. What if the logs are heavy? Then they would occupy double the space on system. Commented Nov 18, 2017 at 7:27
  • It is a simple solution that provides redundancy. The files will not occupy double space on the machine, since the copy is sent to another server, as per the question. If the logs are heavy, then rsync has an update option that skips existing/older files, making only the first run heavy. Commented Nov 19, 2017 at 5:06
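
The periodic rsync described in the answer above, sketched as an added example that is not part of the original thread. It refuses to copy when the share is not actually mounted, so a failed NFS mount cannot silently fill the local disk under the mount point. The paths, the script name and the cron schedule are assumptions, and the export is assumed to let the job's user write to it.

```shell
#!/bin/sh
# Added example, not code from the thread. All paths are assumptions.
SRC="${SRC:-/var/log/}"             # trailing slash: copy the contents, not the directory
DEST="${DEST:-/mnt/nfs-logs/}"      # hypothetical mount point of the NFS share
LOCK="${LOCK:-/tmp/log-sync.lock}"  # lock directory, prevents overlapping runs

# Succeeds only if $1 is a mounted filesystem, not an empty local directory.
is_mounted() {
    mountpoint -q "$1" 2>/dev/null
}

# Copy src to dest.
# Returns 3 if dest is not mounted, 4 if a previous run is still active,
# otherwise the exit status of rsync.
sync_logs() {
    src=$1
    dest=$2
    if ! is_mounted "$dest"; then
        echo "sync_logs: $dest is not a mount point, refusing to copy" >&2
        return 3
    fi
    # mkdir is atomic, so it works as a lock without extra tools.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "sync_logs: previous run still active ($LOCK)" >&2
        return 4
    fi
    rc=0
    # -a preserves owner, mode and mtime; --update skips files that are
    # newer on the destination. No --delete: files removed locally stay
    # on the share.
    rsync -a --update "$src" "$dest" || rc=$?
    rmdir "$LOCK"
    return "$rc"
}

# Runs only when asked to, e.g. from root's crontab (script path is an assumption):
#   */15 * * * * /usr/local/sbin/log-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_logs "$SRC" "$DEST"
fi
```

A non-zero exit from the cron job is worth alerting on, since it means the copy on the share is falling behind the local logs.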
