May 18, 2010 2:57 PM
Forward/Relay Syslog messages
I have some devices that can only send to 1 syslog host, so I've set the device to point to the zenoss server but I also want these syslog messages sent to another syslog server. I remember reading a doc on how to set up zenoss to receive syslog messages and then relay them onto another syslog server, but I can't seem to find it now. Does anyone know how to do this?
You should set up a syslog-ng install, send the syslog messages to it and then forward them to zenoss.
These are network devices that do not support syslog-ng. Is it possible to send regular syslog messages to the syslog-ng server and then have the syslog-ng server relay the messages to another regular syslog server?
If the devices are capable of sending syslog messages, then syslog-ng will work. Syslog-ng is an open-source re-write of the original syslog daemon. It features a good log filtering mechanism. It is easy to learn how to build the filters. I use it to accept log messages from network devices of all sorts and forward the messages to the appropriate NMS platforms. It is in active development.
tc,
What OS are you running your Zenoss system on? RHEL systems do not support syslog-ng, but do support rsyslog. Many other OS's do support syslog-ng. (Yes I know there are syslog-ng rpms out there, but some like to keep the OS free from unsupported applications.)
I wrote this article HOWTO make syslog and zensyslog coexist on an RHEL machine but it doesn't cover setting up a relay. I know both rsyslog and syslog-ng do support relay mechanisms.
phonegi, I'm running syslog-ng on RHEL3 and RHEL5 systems with no problems. I'm not aware of any restriction that would prevent syslog-ng from running on RHEL. In my environment, I have a dedicated system for syslog-ng, which forwards the events to Zenoss on a separate platform (also RHEL5).
What would take some work, and is what you've probably done, is running Zenoss and syslog-ng on the same system. The major work would be to determine port settings so that syslog-ng gets the syslog events and forwards them to Zenoss which would listen on a different port.
I more correctly should have stated that syslog-ng is not available via the CentOS core repositories (base, updates, or extras). Obviously, most apps can be installed via manual compilation. Some admins are wary of installing "unofficial" applications that may at some point conflict with future updates.
I agree. Thanks for the clarification.
Yes, syslog-ng accepts regular syslog and forwards on to one or more syslog destinations; the syslog message when forwarded will still look like it came from the original destination.
There is an option, spoof-source, in syslog-ng to have it forward the message and use the source address of the original system that generated the syslog message. Some syslog systems require this. I had to rebuild syslog-ng using '../configure --enable-spoof-source' to have it support this option, then the config file needs the destination configuration to specify that source spoofing should be used:
destination d_zenoss { udp("10.9.9.9" spoof_source(yes)); };
Even with this enabled in my syslog-ng, Zenoss worked best for me when I enabled the 'parsehost' option in the zensyslog daemon.
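Added example, not part of the thread and not Zenoss or syslog-ng code: a small Python sketch of how a collector can attribute a relayed UDP syslog datagram, either by the packet's source address (which is the relay's unless the relay spoofs the source) or by the hostname in the message HEADER. The function name, the `parse_host` flag, the addresses and the sample messages are all constructed for illustration.

```python
import re

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text
_PRI = re.compile(r"<(\d{1,3})>")
_HDR = re.compile(r"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ([^\s:]+) ")

# Constructed sample data (documentation address range).
RELAY_IP = "192.0.2.10"    # the relay that forwards the messages
DEVICE_IP = "192.0.2.77"   # the network device that produced them
RELAYED = b"<189>May 18 14:57:01 sw-core-01 LINK-3-UPDOWN: Gi0/1 changed state to down"
NO_HEADER = b"<189>LINK-3-UPDOWN: Gi0/1 changed state to down"


def attribute_event(datagram: bytes, peer_ip: str, parse_host: bool) -> dict:
    """Return the device an incoming syslog datagram is attributed to.

    peer_ip    -- UDP source address seen by the collector
    parse_host -- hypothetical flag: prefer the HEADER hostname when present
    """
    text = datagram.decode("utf-8", errors="replace")
    pri = None
    header_host = None
    m = _PRI.match(text)
    if m and int(m.group(1)) <= 191:        # 23 facilities * 8 + 7 is the maximum
        pri = int(m.group(1))
        h = _HDR.match(text, m.end())       # timestamp and hostname follow the PRI
        if h:
            header_host = h.group(2)
    # Fall back to the packet source when there is no usable hostname.
    device = header_host if (parse_host and header_host) else peer_ip
    return {
        "device": device,
        "header_host": header_host,
        "facility": None if pri is None else pri >> 3,
        "severity": None if pri is None else pri & 7,
    }


if __name__ == "__main__":
    # Plain relay: the packet arrives from the relay's address.
    print(attribute_event(RELAYED, RELAY_IP, parse_host=False))
    print(attribute_event(RELAYED, RELAY_IP, parse_host=True))
    # Relay with source spoofing: the packet carries the device's address.
    print(attribute_event(RELAYED, DEVICE_IP, parse_host=False))
    # Device that sends no timestamp/hostname: only the address is available.
    print(attribute_event(NO_HEADER, RELAY_IP, parse_host=True))
```

Both the UDP source address and the HEADER hostname are set by the sender and are not authenticated, so a collector should accept relayed syslog only from the relay's network path.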