Forwarding logs from an rsyslog client to a remote rsyslog server

Introduction

This guide will walk you through setting up Rsyslog for log forwarding between a client and a remote server using Linux.

Setup

Server: The machine that will receive the messages
Client: The machine that will send the messages

 Prerequisites

 Software Requirements

    • Linux operating system
    • Rsyslog (version 5.0 or higher recommended)
    • Root or sudo access

Network Requirements

    • Network connectivity between client and remote server
    • Known IP address of the remote Rsyslog server
    • Open network ports (typically 514 for UDP or TCP)

Step-by-Step Configuration Guide

Preparation
Before beginning, ensure you have:
    • Administrative (root) access
    • Stable network connection
    • IP address of the remote server

Step 1: Rsyslog Client Configuration

 1.1 Obtain Root Access

sudo -i
        • Enter your root password when prompted

 1.2 Update System Packages

If you are using DNF, use the command below:

sudo dnf update

If you are using YUM, use the command below:

sudo yum update

 1.3 Install Rsyslog

If you are using YUM, use the command below:

sudo yum install rsyslog

If you are using DNF, use the command below:

sudo dnf install rsyslog

Verification Tip: Confirm Rsyslog is installed successfully

 1.4 Start and Enable Rsyslog Service


sudo systemctl start rsyslog
sudo systemctl enable rsyslog


 1.5 Check Rsyslog Status

sudo systemctl status rsyslog

Expected Result:  Service should be in an active state

 

Step 2: Rsyslog Server Configuration

 2.1 Edit Rsyslog Configuration

 2.2 Enable UDP and TCP Modules
- Find and uncomment the following lines by removing the `#` symbol:

2.3 Configure Log Template
Add the following line to define log storage:

2.4 Apply Server Configuration

Step 3: Final Client Configuration

3.1 Modify Client Rsyslog Configuration

3.2 Add Remote Server Logging Rule
Insert the following line (replace `ServerIP` with actual IP):

 3.3 Restart Rsyslog on Client

3.4 Verify Log Directory
Type: ls -1
Expected Result:
    • You should see a directory with the client's hostname
    • It contains files like `rsyslogd.log` and `systemd.log`
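
One way to sanity-check steps 2.2, 2.3 and 3.2, as an added example that is not part of the original guide: the script embeds constructed server and client configurations and checks that every client forwarding rule has a matching active (uncommented) listener on the server. It assumes rsyslog's legacy directive syntax (`$ModLoad`, `$UDPServerRun`, `$InputTCPServerRun`) and recognises only that form; the template name `RemoteLogs`, the address `192.0.2.10` and all function names are assumptions.

```sh
# Added example, not from the original guide. All config contents are constructed.
# Server side (steps 2.2-2.3): TCP is deliberately left commented out; the
# template name RemoteLogs is an assumption.
sample_server_conf() {
cat <<'EOF'
$ModLoad imudp
$UDPServerRun 514
#$ModLoad imtcp
#$InputTCPServerRun 514
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
EOF
}

# Client side (step 3.2): "@@" forwards over TCP, a single "@" over UDP.
# 192.0.2.10 is a documentation address standing in for ServerIP.
sample_client_conf() {
cat <<'EOF'
*.* @@192.0.2.10:514
EOF
}

# Print "udp:PORT" or "tcp:PORT" for each listener line that is not commented out.
active_listeners() {
  sed -n -e 's/^[[:space:]]*\$UDPServerRun[[:space:]]\{1,\}\([0-9]\{1,\}\).*/udp:\1/p' \
    -e 's/^[[:space:]]*\$InputTCPServerRun[[:space:]]\{1,\}\([0-9]\{1,\}\).*/tcp:\1/p' "$@"
}

# Print "PROTO HOST PORT" for each active forwarding rule (PORT is empty if omitted).
forward_targets() {
  sed -n -e 's/^[^[:space:]#][^[:space:]]*[[:space:]]\{1,\}@@\([^[:space:]:]*\):\{0,1\}\([0-9]*\).*/tcp \1 \2/p' \
    -e 's/^[^[:space:]#][^[:space:]]*[[:space:]]\{1,\}@\([^[:space:]@:]*\):\{0,1\}\([0-9]*\).*/udp \1 \2/p' "$@"
}

# listener_matches SERVER_CONF CLIENT_CONF: 0 if every forward has a listener (port defaults to 514).
listener_matches() {
  _listeners=$(active_listeners "$1"); _rc=0
  while read -r _proto _host _port; do
    [ -n "$_proto" ] || continue
    printf '%s\n' "$_listeners" | grep -qx "$_proto:${_port:-514}" && continue
    echo "no active $_proto listener on port ${_port:-514} for $_host" >&2; _rc=1
  done <<EOF
$(forward_targets "$2")
EOF
  return $_rc
}

# Demo on the constructed samples: the client uses TCP but only UDP is enabled.
_d=$(mktemp -d); sample_server_conf > "$_d/s"; sample_client_conf > "$_d/c"
listener_matches "$_d/s" "$_d/c" || echo "uncomment the imtcp lines on the server"; rm -rf "$_d"
```

With the template shown in the constructed server configuration, messages from each client are written under a directory named after its hostname, one file per program, which is the layout step 3.4 expects.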

Troubleshooting Tips
- Ensure firewall settings allow log forwarding
- Verify network connectivity between client and server
- Check Rsyslog service status if logs aren't forwarding

Security Considerations
- Configure firewall rules appropriately
- Use encrypted log transmission when possible
- Regularly review and rotate logs

Common Issues
1. Port Blocking: Ensure port 514 is open
2. Permission Errors: Verify root/sudo access
3. Network Connectivity: Check server IP and network settings

Conclusion
By following these steps, you should have successfully configured Rsyslog for log forwarding between a client and a remote server.

**Note:** Always test in a controlled environment first and adapt instructions to your specific system configuration.