Syslog
Instructions for setting up rsyslog server
Run the following command to install rsyslog
yum -y install rsyslog
Edit the rsyslog.conf file
vim /etc/rsyslog.conf
Edit the following lines from
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
To
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
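This allows the server to accept syslog messages over both UDP and TCP on port 514. Neither listener, as configured here, authenticates senders or encrypts traffic.
Add the following lines to write messages from remote hosts to separate log files by hostname and program. The "& ~" line discards each message after it has been written, so it is not also logged to the server's local files. Because the TempAuth rule already discards every remote message, the identical TempMsg rule after it never receives anything.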
$template TempAuth, "/var/log/infosys/%HOSTNAME%/%PROGRAMNAME%.log"
$template TempMsg, "/var/log/infosys/%HOSTNAME%/%PROGRAMNAME%.log"
if ($fromhost-ip != "127.0.0.1" ) then ?TempAuth
& ~
if ($fromhost-ip != "127.0.0.1" ) then ?TempMsg
& ~
Restart the service, enable it on startup, and then check that the server is listening correctly.
systemctl restart rsyslog
systemctl enable rsyslog
netstat -antup | grep 514
The above command should return the following
Open the following firewall ports and reload the firewall
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --permanent --add-port=514/tcp
firewall-cmd --reload
Instructions for setting up rsyslog client
Edit the rsyslog.conf file
vim /etc/rsyslog.conf
Add the following line to the "##RULES##" section. This rule sends all logs to the logging server.
*.* @192.168.1.3:514
To send logs over TCP instead of UDP, add a second "@" symbol, as shown below.
*.* @@192.168.1.3:514
Restart the rsyslog client and enable it on startup.
systemctl restart rsyslog
systemctl enable rsyslog
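To confirm what the server and client edits above actually enable, the following shell functions read an rsyslog.conf and report the active listeners and the "@" / "@@" forwarding rules. This is an added example, not part of the original instructions; the function names, the sample files and the authpriv selector are constructed for illustration, and forwarding targets are assumed to be IPv4 addresses or hostnames.

```shell
#!/bin/sh
# Added example: report what an rsyslog.conf in this guide's legacy syntax does.

# Print "<proto> <port>" for each listener that is loaded AND given a port.
rsyslog_listeners() {
    awk '
        /^[ \t]*#/ { next }                       # line is still commented out
        $1 == "$ModLoad" && $2 == "imudp" { udp = 1 }
        $1 == "$ModLoad" && $2 == "imtcp" { tcp = 1 }
        $1 == "$UDPServerRun"      { uport = $2 }
        $1 == "$InputTCPServerRun" { tport = $2 }
        END {
            if (udp && uport != "") print "udp", uport
            if (tcp && tport != "") print "tcp", tport
        }' "$1"
}

# Print "<proto> <host> <port> <selector>" for each forwarding rule.
# "@host" forwards over UDP, "@@host" over TCP; the port defaults to 514.
rsyslog_forwards() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 2 && $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            n = split(target, part, ":")
            port = (n > 1) ? part[2] : 514
            print proto, part[1], port, $1
        }' "$1"
}

# Constructed sample files: a server with only the UDP lines uncommented,
# and a client with one TCP rule and one UDP rule.
demo=$(mktemp -d)
cat > "$demo/server.conf" <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF
printf '%s\n' '*.* @@192.168.1.3:514' 'authpriv.* @192.168.1.3' > "$demo/client.conf"

rsyslog_listeners "$demo/server.conf"
rsyslog_forwards "$demo/client.conf"
rm -rf "$demo"
```

On a live host, pass /etc/rsyslog.conf to either function; rsyslogd -N1 additionally checks the file for syntax errors before a restart.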