Next: Things to think about Up: Some Core Recipies Previous: Things to think about Contents
Receiving Messages from a Remote System
This is a log-consolidation scenario. There exist at least two systems, a
server and at least one client. The server is meant to gather log data from all
the clients. Clients may (or may not) process and store messages locally. If
they do doesn't matter here. See recipe 2.1.2 for how to
configure the clients.
Note that in this scenario, we just receive messages from remote machines but do not process them in any special way. Thus, messages from both the local and all remote systems show up in all log files that are written (as well, of course, in all other actions). While the log files contain the source, messages from all systems are intermixed. If you would like to record messages from remote systems to files different from the local system, please see recipe 2.2.1 for a potential solution.
This scenario provides samples for both UDP and TCP reception. There exist
other choices (like RELP), but these are less frequently used. If in question
what to use, check the rsyslog module reference and protocol documentation.
Note that most devices send UDP messages by default. UDP is an unreliable
transmission protocol, thus messages may get lost. TCP supports much more
reliability, so if you can not accept message loss, you need to use TCP. Not
all devices support TCP-based transports.
Subsections
Next: Things to think about Up: Some Core Recipies Previous: Things to think about Contents Rainer Gerhards 2010-02-23