I used /etc/syslog-ng/syslog-ng.conf in SLES11 to send logs to our Splunk server, but SLES12 does not use syslog-ng. How do I send logs to Splunk in SLES12?
I believe rsyslog is used in SLES 12, so Google provides hits there, but
essentially add a line like the following to, preferably, a new file under
/etc/rsyslog.d/ named for what you want to do:
*.* @@192.168.1.1:10514
--
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
On 24/08/17 13:02, ab wrote:
> I believe rsyslog is used in SLES 12, so Google provides hits there, but
> essentially add a line like the following to, preferably, a new file under
> /etc/rsyslog.d/ named for what you want to do:
> *.* @@192.168.1.1:10514
Both /etc/rsyslog.conf (and /etc/rsyslog.d/remote.conf referenced by
rsyslog.conf) note the need to enable on-disk queues in remote.conf when
using remote logging so you should do that too!
HTH.
Simon
SUSE Knowledge Partner
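
The forwarding line from the first reply combined with the on-disk queue the second reply refers to, as an added example (not written by either poster and not copied from the shipped remote.conf). The file name, spool directory, queue name and size limit are assumptions; the address and port are the ones used in the thread.

```conf
# /etc/rsyslog.d/splunk.conf  (hypothetical file name)

# Spool directory for queue files (assumed path; it must exist and be
# writable by rsyslogd). Leave this out if rsyslog.conf already sets it.
$WorkDirectory /var/spool/rsyslog

# The $ActionQueue* settings below apply only to the next action line.
$ActionQueueType LinkedList        # in-memory queue, runs asynchronously
$ActionQueueFileName splunk_fwd    # a file name makes the queue disk-assisted
$ActionQueueMaxDiskSpace 1g        # assumed cap on spool size
$ActionQueueSaveOnShutdown on      # write queued messages to disk on shutdown
$ActionResumeRetryCount -1         # retry forever while the receiver is down

# @@ = TCP (a single @ would be UDP); address and port as in the thread
*.* @@192.168.1.1:10514
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.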