Forwarding logs from an rsyslog client to a remote rsyslog server

Introduction

This guide will walk you through setting up Rsyslog for log forwarding between a client and a remote server using Linux.

Setup

Server: The machine that will send the message
Client: The machine that will receive the message

 Prerequisites

 Software Requirements

    • Linux operating system
    • Rsyslog (version 5.0 or higher recommended)
    • Root or sudo access

Network Requirements

    • Network connectivity between client and remote server
    • Known IP address of the remote Rsyslog server
    • Open network ports (typically 514 for UDP or TCP)

Step-by-Step Configuration Guide

Preparation
Before beginning, ensure you have:
    • Administrative (root) access
    • Stable network connection
    • IP address of the remote server

Step 1: Rsyslog Client Configuration

 1.1 Obtain Root Access

sudo -i
        • Enter your root password when prompted

 1.2 Update System Packages

If you are using DNF, use the command below:

sudo dnf update

If you are using YUM, use the command below:

sudo yum update

 1.3 Install Rsyslog

If you are using YUM, use the command below:

sudo yum install rsyslog

If you are using DNF, use the command below:

sudo dnf install rsyslog

Verification Tip: Confirm Rsyslog is installed successfully

 1.4 Start and Enable Rsyslog Service

sudo systemctl start rsyslog
sudo systemctl enable rsyslog


 1.5 Check Rsyslog Status

sudo systemctl status rsyslog

Expected Result: Service should be in an active state

Step 2: Rsyslog Server Configuration

 2.1 Edit Rsyslog Configuration

image.png

 2.2 Enable UDP and TCP Modules
- Find and uncomment the following lines by removing the `#` symbol:

  image.png

2.3 Configure Log Template
Add the following line to define log storage:

image.png

2.4 Apply Server Configuration

image.png

Step 3: Final Client Configuration

3.1 Modify Client Rsyslog Configuration

image.png

3.2 Add Remote Server Logging Rule
Insert the following line (replace `ServerIP` with actual IP):

image.png

 3.3 Restart Rsyslog on Client

image.png

3.4 Verify Log Directory
Type: ls -1
Expected Result:
    • You should see a directory with the client's hostname
    • It contains files like `rsyslogd.log` and `systemd.log`
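
The server and client settings that steps 2.2 to 3.2 describe, written out as an added example; it is not the guide's own configuration. The drop-in file names, the `RemoteLogs` template and `remote` ruleset names, the `/var/log` path and the address 192.0.2.10 are assumptions, and the server side uses RainerScript drop-in syntax instead of uncommenting lines in the main configuration file.

```shell
#!/bin/sh
# Added example. Renders both rsyslog drop-ins into a scratch directory for review.

# Reject anything that is not a dotted-quad IPv4 address, so a pasted value
# cannot carry extra characters or lines into a file that rsyslogd loads.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Client side (step 3.2): "@@" forwards over TCP, a single "@" over UDP.
client_rule() {  # usage: client_rule <server-ipv4> <tcp|udp>
  valid_ipv4 "$1" || { echo "invalid server IP" >&2; return 1; }
  case "$2" in
    tcp) printf '*.* @@%s:514\n' "$1" ;;
    udp) printf '*.* @%s:514\n' "$1" ;;
    *) echo "protocol must be tcp or udp" >&2; return 1 ;;
  esac
}

# Server side (steps 2.2 and 2.3). The listeners get their own ruleset, so only
# received messages are written through the template and local logging is untouched.
server_conf() {
  cat <<'EOF'
module(load="imudp")
module(load="imtcp")
# HOSTNAME and PROGRAMNAME are chosen by the sender; replace slashes in them.
template(name="RemoteLogs" type="string" string="/var/log/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log")
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
}
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
EOF
}

out=${OUT_DIR:-$(mktemp -d)}                      # assumed scratch location
server_conf > "$out/10-remote-server.conf"        # assumed file name
client_rule "${SERVER_IP:-192.0.2.10}" tcp > "$out/90-forward.conf"  # constructed IP
echo "Review $out, copy each file to /etc/rsyslog.d/ on its host, run 'rsyslogd -N1', restart rsyslog"
```

Use either this server drop-in or the uncommented listener lines from step 2.2, not both, because port 514 can only be bound once per protocol.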

Troubleshooting Tips
- Ensure firewall settings allow log forwarding
- Verify network connectivity between client and server
- Check Rsyslog service status if logs aren't forwarding

Security Considerations
- Configure firewall rules appropriately
- Use encrypted log transmission when possible
- Regularly review and rotate logs

Common Issues
1. Port Blocking: Ensure port 514 is open
2. Permission Errors: Verify root/sudo access
3. Network Connectivity: Check server IP and network settings

Conclusion
By following these steps, you should have successfully configured Rsyslog for log forwarding between a client and a remote server.

**Note:** Always test in a controlled environment first and adapt instructions to your specific system configuration.