[TUTORIAL] How to sync all Slave logs to the Master in real-time

K

kez

Member
Proxmox Subscriber
Mar 26, 2023
68
10
8
Tested Working on Mail Gateway 7.3-3

To get all cluster nodes to log their messages to the Master server > Tracking Center:

On Master:

Edit /etc/rsyslog.conf

Code: 
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Then: systemctl restart rsyslog

On Cluster memeber nodes:

Edit /etc/rsyslog.conf

Code: 
###############
#### RULES ####
###############


#
# First some standard log files.  Log by facility.
#


*.*     @@<IPofMaster>

Then systemctl restart rsyslog

That's it! You now have all cluster member nodes logging to the Master.

PS - Remember to firewall/restrict port 514 on the Master server to only accept from the Slave member nodes.
 
  • Like
Reactions: michabbs, Remarkable-Guille and thinhnhd
I tried to achieve this in current PMG 8. This looks strange to me:

Original log line on slave:
2023-07-10T20:22:09.310604+00:00 zack postfix/pickup[211940]: 4BAA1299E: uid=0 from=<root>

The same log line after transfer to master:
2023-07-10T20:22:09.310604+00:00 zack postfix[211940] 4BAA1299E: uid=0 from=<root>

Why they are not identical? What happened to /pickup part? How to fix it?
 
I am not able to get Tracking Center to work with shared logs on PMG 8. :-(

On master I added /etc/rsyslog.d/imtcp.conf:
Code: 
# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514
$AllowedSender TCP, ip.ip.ip.ip

On slave I added /etc/rsyslog.d/pmg-master.conf:
Code: 
mail.*     @@slave.doman;RSYSLOG_SyslogProtocol23Format

Logs seems to be correcly sent from slave to master. I can see lines from both nodes in /var/log/mail.log on master:
Code: 
2023-07-13T20:13:46.459954+00:00 master pmg-smtp-filter[276911]: end database maintenance (7 ms)
2023-07-13T20:14:50.615759+00:00 slave pmg-smtp-filter[303636] starting database maintenance

But in the Tracking Center on master there are only master-processed emails visible. :-(
Any ideas?
 
I don't jump to v8 too... but it's important for me to know if this work in v8 !...

Did you try to simplify the config ? For example : without ";RSYSLOG_SyslogProtocol23Format" ...
 
LeFred said:
As vsupport notes, can you see if /var/log/syslog contains the lines too ?
Click to expand...
Yes, everything is in /var/log/syslog too.

I am really curious why the log entries on both nodes are not identical (#4). The difference must come from some reason and this is where I would look for problems. But no idea what's the reason... :-(
 
I see it seems to be an error from rsyslog. On PMG8 I edited the rsyslog configuration on the master node as follows and it solved the problem.
Code: 
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
$ModLoad imtcp
$InputTCPServerRun 514
 
Slave requires /etc/rsyslog.d/pmg-master.conf:

Code: 
mail.*     @@master.address;RSYSLOG_ForwardFormat

...and voila! It works. :-)
 
  • Like
Reactions: LeFred
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom