[rsyslog-notify] Forum Thread: Forward log TCP/UDP - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Wed Aug 6 15:55:27 CEST 2014
User: Teddy.78
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24797#p24797
Message:
----------
Hello,
I have some trouble for understand how work rsyslog.
First what i have:
- One main rsyslog where all log are.
- One slave rsyslog who receive log from other machine and send all log to
man rsyslog
So at the slave I just forward (I also save log but we don't care here) log
and at the main rsyslog I want to keep the original Hostname and I can with
the line :
[code:1t1qx7sq]action (type="omfwd" Target="ip-man-syslog" Port="514"
Protocol="tcp")[/code:1t1qx7sq]
And i don't understand why that line work and when i receive log at the
main rsyslog at the field hostname I have the original Hostname (the
hostname of system who make the log)
BUT when i keep the same line just using udp instead of tcp I have the
hostname of the slave rsyslog and not the original hostname.
Someone can tell me why ?
I don't know if you really understand what I said, if you need more
information just ask me.
I know that it's not a problems because it's work like i want but I just
want to understand why.
Thanks,
Regards
More information about the rsyslog-notify
mailing list