Forwarding logs from rsyslog client to a remote rsyslogs server
Software Requirements
- Linux operating system
- Rsyslog installed (version 5.0 or higher recommended)
- Root or sudo access
Network Requirements
- Network connectivity between client and remote server
- Defined IP address of the remote Rsyslog server
- Open network ports (typically 514 for UDP or TCP)
Step 1:
In the Rsyslog Client (machine)
- To login as root just type : sudo i-
- Enter root password
- Type: sudo yum update && yum install rsyslog, Note: please verify if syslog is successfully installed.
- Type the following commands for rsyslog Client : systemctl start rsyslog and systemctl enable rsyslog
- Check the status of the rsyslog using this command: systemctl status rsyslog Note: It should be in active state
Step 2: In the Rsyslog Server
- Type this command to edit : vim /etc/rsyslog.conf
- Find the lines if enabled $Modload imusock and $Modload imjournal
- Find the lines $Modload imudp and $UDPServerRun 514 and enable it.
NoteNote: (Remove the # sign to enableuncommentit) - in
lines.the line below find the lines $Modload imtcp and $inputTCPServerRun 514 and enable it. Note: (Remove the # sign to enable it) - Add this line below
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
* .* ?RemoteLogs
& ~ - Save the file.
- Type this command: systemctl restart rsyslog
setenforce Permissive
systemctl disable firewalld
systemctl stop firewalld
Step 3: In the Rsyslog Client
- Type this command : vim /etc/rsyslog.conf
- Insert this line : *.* (ServerIP:port) and save
- Type this command : systemctl restart rsyslog
- Now type the command: ls -1
- It should have the Rsyslog client hostname directory and under that folder it should have (rsyslogd.log) directory