What is the recommended way to send all logs to a syslog server?
I checked the manual and syslog is only briefly mentioned.
On both syslogd and rsyslogd the following is written but I couldn’t find more information about it.
Or does this mean that you can find the logs in journalctl and only need rsyslog if you want to send it to a server?
Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don’t need to run syslogd.
Right. For a simple system you don’t need rsyslog because journald logs everything.
Sending to another server is a good example of when you could use rsyslog.
This is how I setup a nixos client to send all messages to a syslog server an not keep a local copy:
services.rsyslogd = {
enable = true;
defaultConfig = "";
extraConfig = ''
action(
type="omfwd" # Output module for forwarding messages
protocol="tcp" # Use TCP (reliable transport)
target="logs.example.com" # Destination server (replace with your host)
port="514" # TCP port on the remote syslog server
queue.type="linkedList" # Best practice for network forwarding
)'';
};
The action is straight from Forwarding Logs - rsyslog 8 daily stable documentation, so remember to change target to your server.