
send logs to multiple rsyslog servers


When I try to send data to multiple rsyslog servers, it is picking only the first forwarding rule and ignoring the rest.

My rsyslog client conf file:

    $WorkDirectory /var/tmp/rsyslog/work

    $DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
    $DefaultNetstreamDriver gtls # use gtls netstream driver

    ### Forwarding rules #1
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueType LinkedList   # use asynchronous processing
    $ActionQueueFileName srvrfwd  # set file name, also enables disk mode
    $ActionResumeRetryCount -1    # infinite retries on insert failure
    $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
    if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
    & ~
    ###

    ### Forwarding rules #2
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueType LinkedList   # use asynchronous processing
    $ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
    $ActionResumeRetryCount -1    # infinite retries on insert failure
    $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
    if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
    & ~
    ###

If I comment out forwarding rule #1, it takes rule #2.


Solution

  • From the rsyslog documentation (http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/):

    The next line (“& ~”) is important: it tells rsyslog to stop processing the message after it was written to the log

    So this (normally) works:

    $WorkDirectory /var/tmp/rsyslog/work
    
    $DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
    $DefaultNetstreamDriver gtls # use gtls netstream driver
    
    ### Forwarding rules #1
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueType LinkedList   # use asynchronous processing
    $ActionQueueFileName srvrfwd  # set file name, also enables disk mode
    $ActionResumeRetryCount -1    # infinite retries on insert failure
    $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
    if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
    ###
    
    ### Forwarding rules #2
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueType LinkedList   # use asynchronous processing
    $ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
    $ActionResumeRetryCount -1    # infinite retries on insert failure
    $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
    if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
    & ~
    ###
    

    Or simply:

    $WorkDirectory /var/tmp/rsyslog/work
    
    $DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
    $DefaultNetstreamDriver gtls # use gtls netstream driver
    
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
    $ActionQueueType LinkedList   # use asynchronous processing
    $ActionQueueFileName srvrfwd  # set file name, also enables disk mode
    $ActionResumeRetryCount -1    # infinite retries on insert failure
    $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
    if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
    & @@rsyslog1.abc.com:10514
    ###
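
Added example, not part of the original answer: the same two-server forwarding written in RainerScript `action()` syntax, with the `anon` auth mode from the question shown beside a variant that verifies the server certificate. It assumes an rsyslog version that supports `action()` and `stop`, that each server presents a certificate issued by the CA file from the question, and that the certificate names match the hostnames used here.

```rsyslog
global(
    workDirectory="/var/tmp/rsyslog/work"
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/usr/local/abc/certs/syslog_ca.crt"
)

# Weak setting from the question, for comparison:
#   StreamDriverAuthMode="anon"   -> traffic is encrypted, but the client
#   accepts any server, so it cannot tell its collector from an impostor.
# Corrected setting used below:
#   StreamDriverAuthMode="x509/name" plus StreamDriverPermittedPeers
#   (peer names are an assumption: they must match the server certificates)

if $syslogtag contains 'error' then {
    # Server 1, with its own disk-assisted queue (file name from the question)
    action(type="omfwd" target="rsyslog.abc.com" port="10514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="rsyslog.abc.com"
           queue.type="LinkedList" queue.filename="srvrfwd"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")

    # Server 2, with a separate queue so an outage of one server
    # does not hold up delivery to the other
    action(type="omfwd" target="rsyslog1.abc.com" port="10514" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="rsyslog1.abc.com"
           queue.type="LinkedList" queue.filename="srvrfwd1"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")

    # Equivalent of the final "& ~": discard only after both actions have run
    stop
}
```

Running `rsyslogd -N1` against the file checks the syntax before the daemon is restarted.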