Home

omfwd

omfwd is an rsyslog forwarder module used to send syslog messages to remote destinations. As an output module, it enables forwarding of local logs to central log servers or SIEMs, supporting both standard UDP/TCP transport and RELP-based reliable delivery. It is commonly configured in rsyslog.conf as an action of type omfwd and is a core component for centralized logging architectures.

Configuration and usage: The module is activated by loading omfwd and defining actions of type omfwd with

Typical deployment scenarios include centralized collection, remote archival, or forwarding to security information and event management

See also: omrelp, rsyslog, syslog protocol (RFCs).

parameters
such
as
Target
(host
name
or
IP),
Port,
and
Protocol
(tcp,
udp,
or
relp).
Multiple
destinations
can
be
defined
to
enable
load
balancing
or
redundancy.
Messages
may
be
formatted
or
structured
via
templates
before
forwarding.
Additional
options
control
reliability,
queue
behavior,
and
TLS
for
secure
TCP
transport
(where
supported
by
the
rsyslog
build).
(SIEM)
systems.
The
omfwd
module
does
not
parse
or
enrich
messages;
its
role
is
to
transport
data
according
to
the
configured
destinations
and
transport
protocols.
It
complements
other
rsyslog
inputs
and
filters,
and
can
be
paired
with
omrelp
for
robust
delivery
guarantees.