Is there a way to chain syslog forwarding? For example, how can a clienthost forward its syslogs to ServerA and ServerA forward everything to CentralSyslogServer?
I'm using rsyslog.
The reason is that Server A is a dual-homed machine which gets logs from other hosts which should all be stored in CentralSyslogServer. Currently CentralSyslogServer seems to only be getting ServerA's local logs but nothing that was forwarded to ServerA from the clienthost.
Resolved:
I had to edit /etc/sysconfig/syslog and add -h to the SYSLOGD_OPTIONS.
My mistake - serverA is using syslogd.
Yes you can:
In clienthost's rsyslog.conf:
In ServerA's rsyslog.conf:
Of course, this is some really basic usage. Read the manual or online how-tos to get more advanced usage. Here's a little how-to about reliable forwarding with rsyslog.
To tell your servers to receive logs:
I think you need this manual: http://www.rsyslog.com/storing-and-forwarding-remote-messages/
It depends on the volume of syslogs you're getting, but something like the free version of Splunk is just great at that kind of thing. I'm not 100% sure it'll fit your requirement, but thought I'd let you know anyway.
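The chain described in the question, written out as an added example (it is not the configuration from any of the answers above). The host names are the ones used in the question; the listen address `192.0.2.10`, the spool directory and the queue file name are placeholders, and the `module()`/`input()`/`action()` lines assume an rsyslog version that supports that object syntax.

```conf
# ---- clienthost: add to /etc/rsyslog.conf ----
# Send every facility/priority to the relay; a single @ means UDP.
*.* @ServerA:514

# ---- ServerA (relay, running rsyslog): add to /etc/rsyslog.conf ----
module(load="imudp")
# Listen only on the interface facing the clients (placeholder address),
# so hosts on the other network of the dual-homed relay cannot inject logs.
input(type="imudp" port="514" address="192.0.2.10")

# Directory for on-disk queue files (assumed path).
global(workDirectory="/var/spool/rsyslog")

# The action has no filter, so it applies to ServerA's own messages and to
# the messages received from clienthost alike. TCP plus a disk-assisted
# queue buffers messages while CentralSyslogServer is unreachable.
action(type="omfwd" target="CentralSyslogServer" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="fwd_central"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")

# ---- CentralSyslogServer: add to /etc/rsyslog.conf ----
module(load="imtcp")
input(type="imtcp" port="514")

# ---- ServerA running sysklogd (syslogd) instead of rsyslog ----
# /etc/sysconfig/syslog: -r accepts messages from the network, -h forwards
# messages that were received from remote hosts. Without -h only ServerA's
# local logs reach the central server, which is the symptom in the question.
#   SYSLOGD_OPTIONS="<existing options> -r -h"
# /etc/syslog.conf:
#   *.* @CentralSyslogServer
```

Plain syslog over UDP or TCP is neither authenticated nor encrypted, so the relay and central listeners should only be reachable from the hosts that are expected to send to them.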