
Sending copy of logs to the remote syslog server

Comments

8 comments

  • cPanelMichael
    Hello :) You could set up a cron job that manually transfers specific log files to the remote server via SFTP or SCP. Thank you.
    0
  • InteractM
    So there is no way to send it over port 514?
    0
  • cPanelMichael
    There is no native support with cPanel to configure syslogd to store log files on a remote server. However, you could install rsyslogd and make custom changes to allow for it. Here is a basic guide that may be helpful:

    1. Uncomment the remote host line and add the remote server's IP address in /etc/rsyslog.conf: Change
           #*.* @@remote-host:514
       to
           *.* @@:514
    2. Make sure the remote syslog host is configured to allow in port 514 from your cPanel server.
    3. Restart rsyslogd on your cPanel server with "/scripts/restartsrv_rsyslogd".

    Once you have verified that remote syslog is working, you may wish to adjust some of the forwarding parameters that appear in this section of /etc/rsyslogd.conf:

        # ### begin forwarding rule ###
        # The statement between the begin ... end define a SINGLE forwarding
        # rule. They belong together, do NOT split them. If you create multiple
        # forwarding rules, duplicate the whole block!
        # Remote Logging (we use TCP for reliable delivery)
        #
        # An on-disk queue is created for this action. If the remote host is
        # down, messages are spooled to disk and sent when it is up again.
        #$WorkDirectory /var/lib/rsyslog # where to place spool files
        #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
        #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
        #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
        #$ActionQueueType LinkedList # run asynchronously
        #$ActionResumeRetryCount -1 # infinite retries if host is down
        # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
        #*.* @@remote-host:514
        # ### end of the forwarding rule ###

    Thank you.
    0
  • InteractM
    Well, I have uncommented the remote host line and changed to (on cPanel server) *.* @@A.B.C.D:514 Then went to A.B.C.D and added cPanel server IP to the AllowedSender lines (for TCP and UDP). Restarted rsyslog on both servers. So far I'm not getting anything from cPanel server (I'm getting logs from other servers or devices). Any thoughts? Thanks
    0
  • cPanelMichael
    The following third-party URL may also contain useful information: Rsyslog Remote Logging. You can also try the Rsyslog forums at: Rsyslog Forums. Thank you.
    0
  • InteractM
    It is not an issue with the centralized syslog server, because that one works fine (as I mentioned above), but the cPanel server is not forwarding anything to the centralized syslog server. For example, Webmin servers didn't have that kind of issue.
    0
  • cPanelMichael
    I am not aware of any cPanel limitations that would be preventing it from working as intended. It's typically outside the scope of support to assist with custom modifications, but you are welcome to open a support ticket if you feel this issue is directly related to an issue with cPanel: Submit A Ticket. You can provide the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • InteractM
    OK guys - I have that resolved. Issue was with forwarding logs to a remote syslog server via TCP using private IP. Here is a workaround:

    Edit local /etc/rsyslog.conf and add that line:

        *.info;mail.none;authpriv.none @:514

    Edit remote /etc/rsyslog.conf and add that line:

        $AllowedSender UDP, X.Y.Z.0/24
        $AllowedSender TCP, X.Y.Z.0/24

    where X.Y.Z is your public IP from where logs are forwarded.
    0
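
Added example, not part of the thread or any poster's configuration: a small checker for the legacy-syntax forwarding lines discussed above, reporting whether each active rule uses `@@` (TCP) or `@` (UDP), whether a target host is present, and which facilities a `.none` selector keeps off the remote server. The function names, finding texts and the sample configuration (with the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# Legacy rsyslog forwarding action: "<selectors> @host:port" (UDP) or
# "<selectors> @@host:port" (TCP). RainerScript action(type="omfwd") is not parsed.
FORWARD_RE = re.compile(
    r'^(?P<sel>\S+)\s+(?P<at>@{1,2})(?P<host>\[[^\]]+\]|[^:\s]*)(?::(?P<port>\d+))?$'
)

def parse_forwarding_rules(conf_text):
    """Return one dict per active (uncommented) forwarding rule."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split(' #', 1)[0].strip()   # drop a trailing comment
        if not line or line.startswith('#'):
            continue                           # blank or commented-out line
        m = FORWARD_RE.match(line)
        if m:
            rules.append({
                'line': lineno,
                'protocol': 'tcp' if m.group('at') == '@@' else 'udp',
                'host': m.group('host'),
                'port': int(m.group('port') or 514),   # port is optional
                # facilities switched off with ".none" never reach the remote host
                'excluded': sorted(s.split('.')[0]
                                   for s in m.group('sel').split(';')
                                   if s.endswith('.none')),
            })
    return rules

def audit(rule):
    """Return the findings a reviewer would raise for one forwarding rule."""
    findings = []
    if not rule['host']:
        findings.append('no target host')
    if rule['protocol'] == 'udp':
        findings.append('udp: messages can be lost without notice')
    if 'authpriv' in rule['excluded']:
        findings.append('authpriv excluded: authentication events stay local only')
    return findings

# Constructed sample configuration; 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
#*.* @@remote-host:514
*.* @@192.0.2.10:514
*.info;mail.none;authpriv.none @192.0.2.10
*.* @:514
"""

if __name__ == '__main__':
    for r in parse_forwarding_rules(SAMPLE_CONF):
        print(r['line'], r['protocol'], f"{r['host']}:{r['port']}", audit(r) or 'ok')
```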
