following the directions in the link... not sure if this was tested; but it doesn't work.
i've tested with the 00filenames as suggested and replaced with both IP and IP:PORT
and the system is not relaying any information to the upstream SYSLOG server.
moreover, this tip was for SME 7.x
and i tested with wireshark, and there is no traffic coming from the SME over SYSLOG/514.
the link was a starting point......
create the custom template
mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf
In testing i want the following to go to a remote server : auth authpriv daemon kern syslog
copy :
/etc/e-smith/templates/etc/syslog.conf/auth
/etc/e-smith/templates/etc/syslog.conf/authpriv
/etc/e-smith/templates/etc/syslog.conf/daemon
/etc/e-smith/templates/etc/syslog.conf/kern
/etc/e-smith/templates/etc/syslog.conf/syslog
to /etc/e-smith/templates-custom/syslog.conf
Modify the fragments to look like :
authpriv.* @192.168.1.170
Exxpand template
expand-template /etc/syslog.conf
Restart syslog
service syslog condrestart
Restart syslog on the remote machine as well
I now have logging details from main server ( 192.168.1.1) going to test server ( 192.168.1.170 )
Sep 20 11:11:17 proxmoxsme kernel: Symbols match kernel version 2.6.18.
Sep 20 11:11:17 proxmoxsme kernel: No module symbols loaded - kernel modules not enabled.
Sep 20 11:11:32 192.168.1.1 exiting on signal 15
Sep 20 11:11:32 192.168.1.1 syslogd 1.4.1: restart.
Sep 20 11:11:32 192.168.1.1 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Sep 20 11:11:32 192.168.1.1 kernel: Inspecting /boot/System.map-2.6.18-371.12.1.el5
Sep 20 11:11:32 192.168.1.1 kernel: Loaded 30910 symbols from /boot/System.map-2.6.18-371.12.1.el5.
Sep 20 11:11:32 192.168.1.1 kernel: Symbols match kernel version 2.6.18.
Sep 20 11:11:32 192.168.1.1 kernel: No module symbols loaded - kernel modules not enabled.
Sep 20 11:12:00 192.168.1.1 mountd[26965]: Caught signal 15, un-registering and exiting.
Sep 20 11:12:00 192.168.1.1 kernel: nfsd: last server has exited
Sep 20 11:12:00 192.168.1.1 kernel: nfsd: unexporting all filesystems
Sep 20 11:12:01 192.168.1.1 kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Sep 20 11:12:01 192.168.1.1 kernel: NFSD: starting 90-second grace period
Sep 20 11:12:01 192.168.1.1 pptpd[27737]: MGR: Maximum of 100 connections reduced to 5, not enough IP addresses given
Sep 20 11:12:01 192.168.1.1 pptpd[27737]: MGR: Manager process started
Sep 20 11:12:01 192.168.1.1 pptpd[27737]: MGR: Maximum of 5 connections available
Sep 20 11:12:01 192.168.1.1 dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat
Sep 20 11:12:01 192.168.1.1 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Sep 20 11:12:01 192.168.1.1 dhcpd: All rights reserved.
Sep 20 11:12:01 192.168.1.1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Sep 20 11:12:01 192.168.1.1 dhcpd: Wrote 0 deleted host decls to leases file.
Sep 20 11:12:01 192.168.1.1 dhcpd: Wrote 0 new dynamic host decls to leases file.
Sep 20 11:12:01 192.168.1.1 dhcpd: Wrote 55 leases to leases file.
Sep 20 11:12:02 192.168.1.1 dhcpd: Listening on LPF/eth0/a0:b3:cc:e1:81:00/192.168.1/24
Sep 20 11:12:02 192.168.1.1 dhcpd: Sending on LPF/eth0/a0:b3:cc:e1:81:00/192.168.1/24
Sep 20 11:12:02 192.168.1.1 dhcpd: Sending on Socket/fallback/fallback-net
Sep 20 11:12:15 192.168.1.1 mountd[27722]: Caught signal 15, un-registering and exiting.
Sep 20 11:12:15 192.168.1.1 kernel: nfsd: last server has exited
Sep 20 11:12:15 192.168.1.1 kernel: nfsd: unexporting all filesystems
Sep 20 11:12:15 192.168.1.1 kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Sep 20 11:12:15 192.168.1.1 kernel: NFSD: starting 90-second grace period
Sep 20 11:12:15 192.168.1.1 pptpd[28042]: MGR: Maximum of 100 connections reduced to 5, not enough IP addresses given
Sep 20 11:12:15 192.168.1.1 pptpd[28042]: MGR: Manager process started
Sep 20 11:12:15 192.168.1.1 pptpd[28042]: MGR: Maximum of 5 connections available
Sep 20 11:12:16 192.168.1.1 dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat
Sep 20 11:12:16 192.168.1.1 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Sep 20 11:12:16 192.168.1.1 dhcpd: All rights reserved.
Sep 20 11:12:16 192.168.1.1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Sep 20 11:12:16 192.168.1.1 dhcpd: Wrote 0 deleted host decls to leases file.
Sep 20 11:12:16 192.168.1.1 dhcpd: Wrote 0 new dynamic host decls to leases file.
Sep 20 11:12:16 192.168.1.1 dhcpd: Wrote 55 leases to leases file.
Sep 20 11:12:16 192.168.1.1 dhcpd: Listening on LPF/eth0/a0:b3:cc:e1:81:00/192.168.1/24
Sep 20 11:12:16 192.168.1.1 dhcpd: Sending on LPF/eth0/a0:b3:cc:e1:81:00/192.168.1/24
Sep 20 11:12:16 192.168.1.1 dhcpd: Sending on Socket/fallback/fallback-net
[root@proxmoxsme syslog]#
to undo, remove custom templates and restart syslog
Note on the test server i opened udp and tcp port 514, and forwarded incoming from 192.168.1.1 to localhost on the test server;
also created custom template on the test server :
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
with fragment :
10NoMARKs
containing :
cat /etc/e-smith/templates-custom/etc/sysconfig/syslog/10NoMARKs
# we don't want the MARK ticks
SYSLOGD_OPTIONS="-r -m 0"