Forum Discussion

Oct 17, 2012

F5 BigIP v11 and Syslog over TCP

Hi All, I'm currently trying to configure syslog offloading and I'd like to know if there is a way through the UI (or tmsh) of setting the outbound transport to run over TCP. We don't use UDP in our environment, and I'd rather not have to manually edit the syslog-ng.conf file.

Ideas?

Thanks,

Josh Becigneul

3 Replies

  • Hi Josh,

    I think you'll need to use tmsh to import a custom syslog-ng configuration stanza. This default command doesn't seem to support a protocol property:

    
    modify /sys syslog remote-servers add { {host  remote-port }}
    

    Here's a solution from Alscion:

    http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/32/afv/topic/aft/2159228/afc/2235755/Default.aspx

    tmsh modify sys syslog include "destination remote_server {tcp(\"10.1.0.100\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};"

    Aaron
  • Thanks Aaron, this did the trick. I'm seeing logs on our log host for this unit now! I've opened a case with F5 support to see if this can be added as a UI option in a future release.
  • Andrew, you could probably do something like this. Just double up the destination and log statements. (This is untested, FYI.)

    tmsh modify sys syslog include "destination remote_server {tcp(\"10.1.0.100\" port (514));};filter f_alllogs {level (debug...emerg);};log {source(local);filter(f_alllogs);destination(remote_server);};destination remote_server2 {tcp(\"10.1.0.102\" port (514));};log {source(local);filter(f_alllogs);destination(remote_server2);};"
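
The include string from the replies above, generated for any number of TCP destinations, as an added example that is not part of the original thread and not F5 code. The function names are hypothetical, the destinations are numbered remote_server1..N rather than remote_server / remote_server2, and the script only prints the tmsh command, it does not run it:

```shell
#!/bin/sh
# Added example (not from the thread): build the "sys syslog include" value
# for any number of TCP destinations. Function names are hypothetical.

# valid_dest HOST:PORT -> succeeds only for dotted-quad IPv4 and port 1-65535.
# The value is spliced into syslog-ng.conf, so quotes, semicolons, braces and
# anything else outside digits and dots must be rejected.
valid_dest() (
    case $1 in *:*) ;; *) exit 1 ;; esac
    host=${1%:*} port=${1##*:}
    case $port in ''|*[!0-9]*) exit 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || exit 1
    case $host in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $host
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# build_syslog_include HOST:PORT... -> prints the include string with the
# inner quotes already backslash-escaped for use inside tmsh's double quotes.
build_syslog_include() (
    [ "$#" -gt 0 ] || { echo "no destinations given" >&2; exit 1; }
    out='filter f_alllogs {level (debug...emerg);};'   # filter copied from the thread
    n=0
    for dest in "$@"; do
        valid_dest "$dest" || { printf 'rejected: %s\n' "$dest" >&2; exit 1; }
        n=$((n + 1))
        out="${out}destination remote_server${n} {tcp(\\\"${dest%:*}\\\" port (${dest##*:}));};"
        out="${out}log {source(local);filter(f_alllogs);destination(remote_server${n});};"
    done
    printf '%s\n' "$out"
)

# tmsh_command HOST:PORT... -> prints (does not run) the full tmsh command.
tmsh_command() (
    inc=$(build_syslog_include "$@") || exit 1
    printf 'tmsh modify sys syslog include "%s"\n' "$inc"
)

# Constructed sample input: the two addresses used in the replies above.
tmsh_command 10.1.0.100:514 10.1.0.102:514
```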