Forwarding logs from an rsyslog client to a remote rsyslog server
Introduction
This guide will walk you through setting up Rsyslog for log forwarding between a client and a remote server using Linux.
Setup
Server: The machine that receives the messages
Client: The machine that sends the messages
Prerequisites
Software Requirements
- Linux operating system
- Rsyslog (version 5.0 or higher recommended)
- Root or sudo access
Network Requirements
- Network connectivity between client and remote server
- Known IP address of the remote Rsyslog server
- Open network ports (typically 514 for UDP or TCP)
Step-by-Step Configuration Guide
Preparation
Before beginning, ensure you have:
- Administrative (root) access
- Stable network connection
- IP address of the remote server
Step 1: Rsyslog Client Configuration
1.1 Obtain Root Access
sudo -i
- Enter your root password when prompted
1.2 Update System Packages
If you are using DNF, use the command below:
sudo dnf update
If you are using YUM, use the command below:
sudo yum update
1.3 Install Rsyslog
If you are using YUM, use the command below:
sudo yum install rsyslog
If you are using DNF, use the command below:
sudo dnf install rsyslog
Verification Tip: Confirm Rsyslog is installed successfully
1.4 Start and Enable Rsyslog Service
sudo systemctl start rsyslog
sudo systemctl enable rsyslog
1.5 Check Rsyslog Status
sudo systemctl status rsyslog
Expected Result: Service should be in an active state
Step 2: Rsyslog Server Configuration
2.1 Edit Rsyslog Configuration
2.2 Enable UDP and TCP Modules
- Find and uncomment the following lines by removing the `#` symbol:
2.3 Configure Log Template
Add the following line to define log storage:
2.4 Apply Server Configuration
Step 3: Final Client Configuration
3.1 Modify Client Rsyslog Configuration
3.2 Add Remote Server Logging Rule
Insert the following line (replace `ServerIP` with actual IP):
3.3 Restart Rsyslog on Client
3.4 Verify Log Directory
Type: ls -1
Expected Result:
Should see a directory with the client's hostname
Contains files like `rsyslogd.log` and `systemd.log`
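The script below is an added example, not part of the original guide: it writes one possible form of the settings that steps 2.2, 2.3 and 3.2 describe as rsyslog drop-in files. Assumptions: rsyslog 7 or newer (RainerScript syntax), the drop-in file names, the template name RemoteLogs, and the path /var/log/<hostname>/<program>.log, which is inferred from the expected result in step 3.4.

```shell
#!/bin/sh
# Added example (not from the original guide). File names, the RemoteLogs
# template name and the log path are assumptions. Run the functions as root.

# Server side: accept syslog on 514/udp and 514/tcp, one directory per sender.
write_server_conf() {
    dir="${1:-/etc/rsyslog.d}"
    cat > "$dir/10-remote-server.conf" <<'EOF'
module(load="imudp")
module(load="imtcp")
# secpath-replace turns "/" in sender-controlled fields into "_" so a crafted
# hostname or program name cannot steer the file outside /var/log/<host>/.
template(name="RemoteLogs" type="string"
         string="/var/log/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log")
# Only messages arriving on the network inputs are handled by this ruleset.
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
}
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
EOF
}

# Client side: forward all messages over TCP and queue them while the
# server is unreachable, so a short outage does not lose log lines.
write_client_conf() {
    server_ip="$1"; dir="${2:-/etc/rsyslog.d}"
    # Reject anything that is not a plain IPv4/IPv6 literal before it is
    # written into a root-owned configuration file.
    case "$server_ip" in
        ''|*[!0-9A-Fa-f.:]*) echo "invalid server IP: $server_ip" >&2; return 1 ;;
    esac
    cat > "$dir/90-forward.conf" <<EOF
action(type="omfwd" target="$server_ip" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="fwd_remote"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# Syntax-check the full configuration before restarting the service.
check_conf() { rsyslogd -N1; }
```

Call write_server_conf on the server and write_client_conf with the server's IP on the client, then run check_conf and restart rsyslog on each machine. If you use the server drop-in, leave the listener lines from step 2.2 commented in the main configuration so port 514 is not bound twice.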
Troubleshooting Tips
Ensure firewall settings allow log forwarding
Verify network connectivity between client and server
Check Rsyslog service status if logs aren't forwarding
Security Considerations
- Configure firewall rules appropriately
- Use encrypted log transmission when possible
- Regularly review and rotate logs
Common Issues
1. Port Blocking: Ensure port 514 is open
2. Permission Errors: Verify root/sudo access
3. Network Connectivity: Check server IP and network settings
Conclusion
By following these steps, you should have successfully configured Rsyslog for log forwarding between a client and a remote server.
**Note:** Always test in a controlled environment first and adapt instructions to your specific system configuration.