[rsyslog-notify] Forum Thread: Forward all received syslogs to remote server - (Mode 'post')
noreply at adiscon.com
Fri Aug 12 10:19:45 CEST 2016
User: brucegillespie
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26874#p26874
Message:
----------
Hi.
Our Linux System Administrator is away, and I am a bit rusty with Linux,
but I need to get something done reasonably quickly. I am attempting to
configure rsyslog 8.4.0-11.1 on a SUSE Linux / SLES 12 system to forward
all received syslog traffic coming from multiple Linux / Unix servers to a
single remote syslog (Graylog) server. I thought it would be pretty
straightforward, but I'm clearly missing something, and it isn't working
for me. I wonder if anyone is able to spot my error and advise me how to
fix it please?
We're receiving syslog forwards from multiple clients OK, so I thought I
just needed to edit /etc/rsyslog.d/remote.conf to point the received logs
to the desired remote target, i.e. the Graylog server. As you can see by
the changes below - I've tried a few variations, but had no joy.
ausigrmalog001p:/etc/rsyslog.d # diff remote.conf remote.conf.bak.sitbrg1.20160813
32d31
< #*.* @@AUSIGRMAGLM001P:514
37,40d35
< #*.* @AUSIGRMAGLM001P:514
< #*.* @10.196.16.212:514
< #*.* @10.196.16.212
< *.* @AUSIGRMAGLM001P
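Review bot: In the 37,40 hunk only the last line, `*.* @AUSIGRMAGLM001P`, is active; the three lines above it and the `@@` line in the 32 hunk are commented out with `#`. A single `@` forwards over UDP and `@@` over TCP, and with no `:port` suffix the active line goes to the default port 514, so the running configuration sends UDP to port 514 only. Check that the Graylog input listens on that same protocol and port, and that the netcat test used the same protocol (netcat sends TCP unless given `-u`), otherwise the test does not exercise the path this line uses.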
I've restarted the rsyslog service after each config change using both
systemctl restart rsyslog and rcsyslog restart, and noted a successful
restart, PIDs changing, etc.
I've tested that the remote syslog box is resolvable by name, and also
tested sending "hello world" messages to it on port 514 via netcat. All
looks well. Do I have to make any other changes to facilitate this syslog
forward requirement?
Thanks for reading