To configure AxoSyslog on a relay host, complete the following steps:
- Install the AxoSyslog application on the host. For details on installing AxoSyslog on specific operating systems, see Install AxoSyslog.
- Configure the network sources that collect the log messages sent by the clients.
- Create a network destination that points to the AxoSyslog server.
- Create a log statement connecting the network sources to the AxoSyslog server.
- Configure the local sources that collect the log messages of the relay host.
- Create a log statement connecting the local sources to the AxoSyslog server.
- Enable the keep-hostname() and disable the chain-hostnames() options. (For details on how these options work, see Global options.)

  Note: It is recommended to use these options on your AxoSyslog server as well.
- Set filters and options (for example, TLS encryption) as necessary.

Note: By default, the AxoSyslog server treats the relayed messages as if they were created by the relay host, not the host that originally sent them to the relay. In order to use the original hostname on the AxoSyslog server, use the keep-hostname(yes) option both on the AxoSyslog relay and the AxoSyslog server. This option can be set individually for every source if needed.

If you are relaying log messages and want to resolve IP addresses to hostnames, configure the first relay to do the name resolution.

Example: A simple configuration for relays
The following is a simple configuration file that collects local and incoming log messages and forwards them to a logserver using the IETF-syslog protocol.

@version: 4.9.0
@include "scl.conf"

options {
    time-reap(30);
    mark-freq(10);
    keep-hostname(yes);
    chain-hostnames(no);
};

source s_local {
    system(); internal();
};

source s_network {
    syslog(transport(tcp));
};

destination d_syslog_tcp {
    syslog("192.168.1.5" transport("tcp") port(2010));
};

log {
    source(s_local); source(s_network);
    destination(d_syslog_tcp);
};
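
The relay example above uses transport("tcp") on both the listening source and the destination, so messages cross the network unencrypted. The following added example (not part of the original documentation) applies the TLS option mentioned in the last step to both sides of the relay and sets keep-hostname(yes) on the network source itself. The certificate and key paths are placeholders, the listening port 6514 is an assumption, and the server at 192.168.1.5 is assumed to accept TLS connections on port 2010.

```conf
@version: 4.9.0
@include "scl.conf"

options {
    keep-hostname(yes);
    chain-hostnames(no);
};

source s_local {
    system(); internal();
};

# Clients must connect over TLS and present a certificate signed by the CA
# in ca-file(); connections that fail verification are rejected.
source s_network_tls {
    syslog(
        transport("tls")
        port(6514)                                     # assumed listening port
        keep-hostname(yes)                             # per-source setting, as the note allows
        tls(
            key-file("/etc/syslog-ng/tls/relay.key")   # placeholder path
            cert-file("/etc/syslog-ng/tls/relay.crt")  # placeholder path
            ca-file("/etc/syslog-ng/tls/ca.crt")       # placeholder path
            peer-verify(required-trusted)
        )
    );
};

# The relay verifies the server certificate against the same CA and
# presents its own certificate so the server can authenticate the relay.
destination d_syslog_tls {
    syslog("192.168.1.5"
        transport("tls")
        port(2010)
        tls(
            key-file("/etc/syslog-ng/tls/relay.key")   # placeholder path
            cert-file("/etc/syslog-ng/tls/relay.crt")  # placeholder path
            ca-file("/etc/syslog-ng/tls/ca.crt")       # placeholder path
            peer-verify(required-trusted)
        )
    );
};

log {
    source(s_local); source(s_network_tls);
    destination(d_syslog_tls);
};
```

Because keep-hostname(yes) makes the server trust the hostname written in each message, requiring client certificates on the relay's listener limits who can submit messages under another host's name.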