Remote Syslog

Jon Irish

Aug 1, 2018
I would like to send all of my Proxmox syslog messages to an external Splunk server. However, I have not been able to locate an option to forward syslog within the Proxmox GUI. A Google search did not have any results. I did see something for the mail gateway, but those settings don't appear to apply to VE. Is this simply setting up the syslog configuration of the underlying OS (Debian) to forward syslog?

Thanks,
Jon
 
Actually there is an even better method to forward the logs: relp-tls. You have encryption but also reliability. Works perfectly with rsyslogd.
Now I'm trying to understand where all the specific logs for Proxmox are, in order to verify that all those logs are correctly forwarded.
 
Is there a Debian package for relp-tls? I just searched and did not find one using that word. We just happen to be converting to use rsyslog-gnutls and almost have that figured out... so if what you mention is easier we'll test it out.
 
These are the packages needed for relp-tls (versions for Debian 10).
rsyslog 8.1901.0-1
rsyslog-gnutls 8.1901.0-1
rsyslog-relp 8.1901.0-1

And to understand it better, it's about using the rsyslog RELP protocol over a GnuTLS connection (in newer versions you can also use OpenSSL, not just GnuTLS).
It's not easier (but also not much harder); if you have already added the TLS option, RELP will be "a piece of cake" :p

A very good article about how to implement everything is:
https://selivan.github.io/2017/02/0...save-filename-handle-multi-line-failover.html
 
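An added example, not written by any poster in this thread: an rsyslog configuration sketch for the RELP-over-TLS forwarding discussed above, showing the sending Proxmox host and an rsyslog receiver. Host names, the port, the file names and the certificate paths are placeholders chosen for illustration; it assumes the three packages listed above are installed on both sides and that certificates signed by a common CA already exist.

```conf
# --- Sender: /etc/rsyslog.d/60-relp-forward.conf (file name is a placeholder) ---
module(load="omrelp")

# No filter in front of the action, so every message is forwarded.
# tls.authMode="name" with tls.permittedPeer makes the sender verify the
# receiver's certificate name, not just encrypt the channel.
# The queue.* settings spool messages to disk while the receiver is
# unreachable; action.resumeRetryCount="-1" retries indefinitely.
action(
    type="omrelp"
    target="logs.example.internal"
    port="2514"
    tls="on"
    tls.caCert="/etc/rsyslog.d/tls/ca.pem"
    tls.myCert="/etc/rsyslog.d/tls/pve1-cert.pem"
    tls.myPrivKey="/etc/rsyslog.d/tls/pve1-key.pem"
    tls.authMode="name"
    tls.permittedPeer=["logs.example.internal"]
    queue.type="LinkedList"
    queue.filename="relp_fwd"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)

# --- Receiver: /etc/rsyslog.d/10-relp-input.conf (file name is a placeholder) ---
module(load="imrelp")

# Only clients whose certificate name is listed in tls.permittedPeer
# are allowed to deliver logs.
input(
    type="imrelp"
    port="2514"
    tls="on"
    tls.caCert="/etc/rsyslog.d/tls/ca.pem"
    tls.myCert="/etc/rsyslog.d/tls/logs-cert.pem"
    tls.myPrivKey="/etc/rsyslog.d/tls/logs-key.pem"
    tls.authMode="name"
    tls.permittedPeer=["pve1.example.internal"]
)
```

Running `rsyslogd -N1` on each host checks the configuration syntax before rsyslog is restarted.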