Configuration of rsyslog for remote logging
Please note that the configuration depends on the version. The default version of syslog in RHEL 6.x uses directives
that differ from those in the most recent version of rsyslog:
# provides support for local system logging
$ModLoad imuxsock
# provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# provides UDP syslog reception. For TCP, load imtcp.
$ModLoad imudp
# For TCP, use: $InputTCPServerRun 514
$UDPServerRun 514
# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
# Log all messages to the dynamically formed file. Each client's log (192.168.1.2, 192.168.1.3, etc.) will be under a separate directory formed by the template FILENAME.
*.* ?FILENAME
Main steps:
- Add the statement to the /etc/rsyslog.conf file on each server, using a script.
- Configure postfix on 17 to send email to an Outlook account.
- Uncomment the UDP and TCP statements in the /etc/rsyslog.conf file on 17. Restart syslog.
- Download and install logwatch from SourceForge.
- Create a cron job that runs each morning. Actually, a cron job is installed automatically by the logwatch setup.
Test that mail arrives: first by mailing, say, the /etc/hosts file, then with logwatch.
Idea: add a pulse statement (a tick each hour); if the pulse is missing, report trouble.
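One way to implement the pulse check on the central server, as an added example that is not part of the original page. It assumes each client's cron runs `logger -t pulse "tick $(date +%s)"` once an hour and that logs land in `<LOGROOT>/<client-ip>/syslog.log`, as the FILENAME template above produces; the function names, the pulse tag and the sample log lines are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): server-side check for the hourly pulse.
# Assumed client cron entry:  0 * * * * logger -t pulse "tick $(date +\%s)"
# Assumed layout: <LOGROOT>/<client-ip>/syslog.log (template FILENAME above).

# check_pulse LOGROOT MAX_AGE_SECONDS [NOW_EPOCH]
# Prints "<client> NO_PULSE" or "<client> STALE <age>s" for each client directory
# whose newest pulse is absent or older than MAX_AGE_SECONDS; prints nothing if all are fresh.
check_pulse() {
    root=$1
    max_age=$2
    now=${3:-$(date +%s)}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        # Epoch carried by the newest pulse line, e.g. "... web01 pulse: tick 1700000000"
        last=$(grep ' pulse: tick ' "${dir}syslog.log" 2>/dev/null | tail -n 1 | awk '{print $NF}')
        case $last in
            ''|*[!0-9]*) echo "$host NO_PULSE"; continue ;;
        esac
        age=$((now - last))
        if [ "$age" -gt "$max_age" ]; then
            echo "$host STALE ${age}s"
        fi
    done
}

# demo_pulse: constructed sample logs for three clients, evaluated at a fixed "now".
demo_pulse() {
    tmp=$(mktemp -d)
    mkdir "$tmp/192.168.1.2" "$tmp/192.168.1.3" "$tmp/192.168.1.4"
    echo 'Nov 14 22:00:01 web01 pulse: tick 1699999201' > "$tmp/192.168.1.2/syslog.log"
    echo 'Nov 14 20:13:20 web02 pulse: tick 1699992800' > "$tmp/192.168.1.3/syslog.log"
    echo 'Nov 14 22:10:00 web03 crond[811]: (root) CMD (run-parts /etc/cron.hourly)' \
        > "$tmp/192.168.1.4/syslog.log"
    check_pulse "$tmp" 5400 1700000000   # 90-minute tolerance for an hourly tick
    rm -rf "$tmp"
}
```

The age is computed from the epoch the client wrote, so clients and server need synchronized clocks. Run `check_pulse /var/log 5400` from cron and mail any output to get the "report trouble" part.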
15.3. Configuring rsyslog on the Centralized Logging Server
The steps in this procedure must be followed on the system that you intend to use as your centralized logging server. All steps in this procedure must be run while logged in as the root user.
- Configure SELinux to allow rsyslog traffic.
# semanage port -a -t syslogd_port_t -p udp 514
- Configure the iptables firewall to allow rsyslog traffic.
  - Open the /etc/sysconfig/iptables file in a text editor.
  - Add an INPUT rule allowing UDP traffic on port 514 to the file. The new rule must appear before any INPUT rules that REJECT traffic.
    -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
  - Save the changes to the /etc/sysconfig/iptables file.
  - Restart the iptables service for the firewall changes to take effect.
    # service iptables restart
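- Open the /etc/rsyslog.conf file in a text editor.
- Add these lines to the file, defining the location logs will be saved to:
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
# TmplMsg is used below but is not defined on the original page; this definition is an assumed example.
$template TmplMsg, "/var/log/%HOSTNAME%/messages.log"
authpriv.* ?TmplAuth
*.info;mail.none;authpriv.none;cron.none ?TmplMsg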
- Remove the comment character (#) from the beginning of these lines in the file:
#$ModLoad imudp
#$UDPServerRun 514
- Save the changes to the /etc/rsyslog.conf file.
Your centralized log server is now configured to receive and store log files from the other systems
in your environment.
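A check for the firewall step above, which requires the UDP 514 ACCEPT rule to appear before any INPUT rule that REJECTs traffic. This is an added example, not part of the original procedure; the function names and the sample rule files are constructed, and treating DROP like REJECT is an addition beyond what the page states.

```shell
#!/bin/sh
# Added example (not from the original page): verify rule order in an
# iptables-save style file such as /etc/sysconfig/iptables.

# check_syslog_rule FILE [PORT]
# Prints one word:
#   ok        ACCEPT rule for udp/PORT exists and precedes the first INPUT REJECT/DROP
#   shadowed  ACCEPT rule exists but a REJECT/DROP rule comes first, so it never matches
#   missing   no INPUT ACCEPT rule for udp/PORT at all
check_syslog_rule() {
    awk -v port="${2:-514}" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            line = " " $0 " "          # pad so every token is space-delimited
            if (!reject && line ~ / -j (REJECT|DROP) /)
                reject = n
            if (!accept && line ~ / -p udp / && line ~ (" --dport " port " ") &&
                line ~ / -j ACCEPT /)
                accept = n
        }
        END {
            if (!accept)                        print "missing"
            else if (reject && reject < accept) print "shadowed"
            else                                print "ok"
        }' "$1"
}

# demo_firewall: three constructed rule files (correct order, wrong order, no rule).
demo_firewall() {
    tmp=$(mktemp -d)
    rule='-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT'
    reject='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        "$rule" "$reject" 'COMMIT' > "$tmp/good"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        "$reject" "$rule" 'COMMIT' > "$tmp/bad"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' "$reject" 'COMMIT' > "$tmp/none"
    echo "good=$(check_syslog_rule "$tmp/good")" \
         "bad=$(check_syslog_rule "$tmp/bad")" \
         "none=$(check_syslog_rule "$tmp/none")"
    rm -rf "$tmp"
}
```

Run `check_syslog_rule /etc/sysconfig/iptables` after saving the file and before restarting the iptables service.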
15.4. Configuring rsyslog on the Individual Nodes
Apply the steps listed in this procedure to each of your systems to configure them to send logs to a centralized log server. All steps listed in this procedure must be performed while logged in as the root user.
- Edit the /etc/rsyslog.conf file, and specify the address of your centralized log server by adding the following:
*.* @YOURSERVERADDRESS:YOURSERVERPORT
Replace YOURSERVERADDRESS with the address of the centralized logging server. Replace YOURSERVERPORT with the port on which the rsyslog service is listening. For example:
*.* @192.168.20.254:514
Or:
*.* @log-server.company.com:514
The single @ specifies the UDP protocol for transmission. Use a double @@ to specify the TCP protocol for transmission.
Important
The use of the wildcard * character in these example configurations indicates to rsyslog that log entries from all log facilities and of all log priorities must be sent to the remote rsyslog server.
For information on applying more precise filtering of log files refer to the manual page for the rsyslog configuration file, rsyslog.conf. Access the manual page by running the command man rsyslog.conf.
Once the rsyslog service is started or restarted the system will send all log messages to the centralized logging server.
Softpanorama Recommended
FYI, the "This recipe uses TCP for that reason." is the double @ in "*.* @@192.0.2.1:10514"
To use UDP use only one single @. For example: "*.* @192.0.2.1:10514"
- Configure Remote Logging with Rsyslog (ProfitBricks DevOps Central)
- 20.2. Basic Configuration of Rsyslog
- How to Setup Rsyslog Remote Logging on Linux (Central Log Server)
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org
was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP)
without any remuneration. This document is an industrial compilation designed and created exclusively
for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong
to respective owners. Quotes are made for educational purposes only
in compliance with the fair use doctrine.
Last modified: March, 12, 2019