Hi Guys,
I have integrated RHLinux servers 6.3. I have added entry as *.* @collector in syslog.conf file. With this configuration, all logs should receive at collector end but this is not the case.
Logs from sshd client are not coming in collector. I have checked with server owner that whether there are any rules which may block sshd logs. But there are no such rules present.
What are the possible reasons behind this issue? Please help me with this.
Hi Atul,
If I understand correctly what you are saying logs from these Red Hat server, in general, are being forwarded successfully to the Log Collector/Log Decoder. But not, in specific, sshd logs.
If this is the case I would first check if syslog.conf contains an entry for /var/log/secure. It could also be the line is commented for example.
Regards,
G.