Rsyslog-
Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network.
Packages- rsyslog
Port No- 514
Daemon- rsyslog
Script- /etc/init.d/rsyslog
Conf file- /etc/rsyslog.conf
My Rsyslog Server Details..
Syslog Server: syslog.ashu.com 192.168.0.254
Client Server: client.ashu.com 192.168.0.253

Server Side Configuration-
Step-1. Install the 'rsyslog' package.
# yum install rsyslog -y
Step-2. Next, we need to tell rsyslog to accept remote TCP and UDP syslog requests. At the top of the file “/etc/rsyslog.conf”, change the lines below.
# vim /etc/rsyslog.conf
_____________________________________________________
# Provides UDP syslog reception
#$ModLoad imudp ---->Uncomment this line
#$UDPServerRun 514 ---->Uncomment this line
# Provides TCP syslog reception
#$ModLoad imtcp ---->Uncomment this line
#$InputTCPServerRun 514 ---->Uncomment this line
_____________________________________________________
To This-
________________________________________________
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
:wq!
________________________________________________
Step-3. Restart the rsyslog service.
# service rsyslog restart
Step-4. Open the syslog ports on your local firewall.
# iptables -I INPUT -p tcp --dport 514 -j ACCEPT
# iptables -I INPUT -p udp --dport 514 -j ACCEPT
# service iptables save

Client Side Configuration-
Step-1. Install the 'rsyslog' package.
# yum install rsyslog -y
Step-2. Edit “/etc/rsyslog.conf” and under the 'RULES' section, add the line below to enable ALL syslog events to be sent to the remote server.
# vim /etc/rsyslog.conf
_____________________________________________________________
#*.* @@remote-host:514 ---->Uncomment this line and change
_______________________________________________
To This-
_______________________________________________
# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional
mail.* @@syslog.ramesh.com
_____________________________________________________________
OR
_____________________________________________________________
# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional
*.* @@192.168.0.254:514 <==== Add the syslog server IP address
:wq!
_____________________________________________________________
Step-3. Restart the rsyslog service.
# service rsyslog restart
Step-4. Test configuration-
On the client side, run the command below for testing. For example, installing something via yum. For this purpose, I have run “yum install vsftpd”
or
# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"
Step-5. Check log on server side -
You will see the below appear in the logs on your syslog server-
________________________________________________________________________________________
==> /var/log/messages <==
Mar 14 17:20:22 client yum[8804]: Installed: vsftpd-2.2.2-11.el6.x86_64
2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server
2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server
2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server
2014-03-14T17:35:24+05:08 client root: testing to remote rsyslog server
________________________________________________________________________________________
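A quick way to confirm the Step-2 edits on both sides actually took effect, as an added example that is not part of the original post: it reads rsyslog.conf text on stdin and reports which listeners are enabled and where logs are forwarded (a single `@` forwards over UDP, `@@` over TCP). The function names and the sample config are constructed for illustration, and only the legacy directives shown on this page are recognised.

```shell
#!/bin/sh
# Added example: audit rsyslog.conf text (stdin) for the edits made in this post.
# Handles only the legacy directives shown above; IPv6 targets are not parsed.

# Print "udp PORT" / "tcp PORT" for listeners that are really enabled:
# module loaded AND the matching ...ServerRun line uncommented.
rsyslog_listeners() {
    awk '
        $1 ~ /^#/ { next }                         # line is still commented out
        $1 == "$ModLoad" && $2 == "imudp" { udp_mod = 1 }
        $1 == "$ModLoad" && $2 == "imtcp" { tcp_mod = 1 }
        $1 == "$UDPServerRun"      { udp_port = $2 }
        $1 == "$InputTCPServerRun" { tcp_port = $2 }
        END {
            if (udp_mod && udp_port != "") print "udp", udp_port
            if (tcp_mod && tcp_port != "") print "tcp", tcp_port
        }'
}

# Print "SELECTOR PROTO HOST PORT" for each active forwarding rule.
# "@host" forwards over UDP, "@@host" over TCP; the port defaults to 514.
rsyslog_forward_rules() {
    awk '
        $1 ~ /^#/ { next }
        $2 ~ /^@/ {
            target = $2; proto = "udp"
            if (target ~ /^@@/) proto = "tcp"
            sub(/^@+/, "", target)
            port = "514"
            if (split(target, parts, ":") == 2) { target = parts[1]; port = parts[2] }
            print $1, proto, target, port
        }'
}

# Constructed sample: the TCP listener and one forwarding rule were left commented.
sample_conf() {
    cat <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
#$InputTCPServerRun 514 ---->Uncomment this line
#*.* @@remote-host:514
mail.* @syslog.example.com
*.* @@192.168.0.254:514
EOF
}

sample_conf | rsyslog_listeners        # only the UDP listener is reported
sample_conf | rsyslog_forward_rules    # two active rules, one UDP and one TCP
```

On a real host, run `rsyslog_listeners < /etc/rsyslog.conf` on the server and `rsyslog_forward_rules < /etc/rsyslog.conf` on the client before restarting the service.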
So Enjoy....