On one VM I have this in /etc/rsyslog.d/50-default.conf
*.* @192.168.29.1:42185
# Default rules for rsyslog.
On the vm with fluentd I have this:
I have this in /etc/td-agent/td-agent.conf
<source>
type syslog
port 42185
tag rsyslog
</source>
<match rsyslog.**>
type copy
<store>
# for debug (see /var/log/td-agent.log)
type stdout
</store>
<store>
type elasticsearch
logstash_format true
flush_interval 10s # for testing.
</store>
</match>
But nothing seems to be getting sent to the remote machine, as I look in /var/log/td-agent.log and I see
2014-08-08 10:51:10 -0700 [info]: adding source type="syslog"
2014-08-08 10:51:10 -0700 [info]: adding source type="forward"
2014-08-08 10:51:10 -0700 [info]: adding source type="http"
2014-08-08 10:51:10 -0700 [info]: adding source type="debug_agent"
2014-08-08 10:51:10 -0700 [info]: adding match pattern="td.*.*" type="tdlog"
2014-08-08 10:51:10 -0700 [info]: adding match pattern="debug.**" type="stdout"
2014-08-08 10:51:10 -0700 [info]: adding match pattern="rsyslog.**" type="copy"
2014-08-08 10:51:10 -0700 [info]: listening fluent socket on 0.0.0.0:24224
2014-08-08 10:51:10 -0700 [info]: listening dRuby uri="druby://127.0.0.1:24230" object="Engine"
2
I don't know why the logs aren't being sent, and I don't see how to tell if there is something going wrong with rsyslog
and it just isn't sending the files.