Forwarding Logs#

rsyslog can forward log messages to remote servers. This is often done to centralize logs, improve analysis, or send data to SIEM or monitoring systems.

Minimal Forwarding Example (TCP)#

Add the following snippet to your /etc/rsyslog.conf or to a file inside /etc/rsyslog.d/:

# Forward all messages to a remote server using TCP.
# The linked-list queue prevents blocking if the server is temporarily unreachable.
action(
    type="omfwd"              # Output module for forwarding messages
    protocol="tcp"            # Use TCP (reliable transport)
    target="logs.example.com" # Destination server (replace with your host)
    port="514"                # TCP port on the remote syslog server
    queue.type="linkedList"   # Best practice for network forwarding
)

Why use queue.type=”linkedList”?#

When a remote server goes offline, a direct TCP forwarding action can block and delay local logging. Using a queue ensures that messages are stored temporarily and sent once the connection recovers. This is a recommended default for TCP-based forwarding.

Forwarding via UDP#

UDP is a connectionless protocol and does not block, so queues are not required in this case. To forward messages via UDP, modify the protocol:

# Forward all messages to a remote server using UDP.
action(
    type="omfwd"
    protocol="udp"            # UDP (unreliable, but lower overhead)
    target="logs.example.com"
    port="514"
)

Testing the Connection#

To verify that logs are reaching the remote server:

  1. Send a test message locally: .. code-block:: bash

    logger “test message from $(hostname)”

  2. Check the remote server’s logs for the test message.

Advanced Queue Tuning#

The default queue parameters work for most cases. For high performance or large bursts of logs, you can adjust settings such as:

  • queue.size – Number of messages stored in the queue.

  • queue.dequeueBatchSize – Number of messages processed per batch.

See General Queue Parameters for details.

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.