Forwarding logs from rsyslog client to a remote rsyslogs server

Software Requirements

1. Linux operating system
2. Rsyslog installed (version 5.0 or higher recommended)
3. Root or sudo access

Network Requirements

1. Network connectivity between client and remote server
2. Defined IP address of the remote Rsyslog server
3. Open network ports (typically 514 for UDP or TCP)

Step 1: In the Rsyslog Client (machine)

1. To login as root just type : sudo i-
2.  Enter root password
3. Type: sudo yum update  && yum install rsyslog,                                                    Note: please verify if syslog is successfully installed.
4. Type the following commands for rsyslog Client  : systemctl start rsyslog and systemctl enable rsyslog
   
5. Check the status of the rsyslog using this command: systemctl status rsyslog                                 Note: It should be in active state
   

Step 2: In the Rsyslog Server

1. Type this command  to edit : vim /etc/rsyslog.conf
2. Find the lines if enabled $Modload imusock and $Modload imjournal
3. Find the lines  $Modload imudp and $UDPServerRun 514 and enable it. Note: (Remove the # sign to enable it)
4. in the line below find the lines  $Modload imtcp and $inputTCPServerRun  514 and enable it. Note: (Remove the # sign to enable it)
5. Add this line below
   $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
   * .*  ?RemoteLogs
   &  ~
6. Save the file.
7. Type this command: systemctl restart rsyslog
                                             setenforce Permissive
                                             systemctl disable firewalld
                                             systemctl stop firewalld

Step 3: In the Rsyslog Client

1. Type this command : vim /etc/rsyslog.conf
2. Insert this line : *.* (ServerIP:port)  and save
3. Type this command : systemctl restart rsyslog 
4. Now type the command: ls -1
5. It should have the Rsyslog client hostname directory  and under that folder it should have  (rsyslogd.log) directory