
Setup Remote Logging Server with Rsyslog

Objective

The objective of this tutorial is to configure a remote, centralized log server using rsyslog. An rsyslog server can receive logs on port 514 over either TCP or UDP; this tutorial uses UDP. The setup was tested on CentOS 6 server and client machines.

Server Side Configuration

  • Install rsyslog package
      
    yum install rsyslog
  • Add the following directives to /etc/rsyslog.conf
       
    # provides support for local system logging
    $ModLoad imuxsock 
    # provides kernel logging support (previously done by rklogd)
    $ModLoad imklog
    # provides UDP syslog reception. For TCP, load imtcp.
    $ModLoad imudp
    # For TCP, use $InputTCPServerRun 514
    $UDPServerRun 514
    # This one is the template to generate the log filename dynamically, depending on the client's IP address.
    $template FILENAME,"/var/log/%fromhost-ip%/syslog.log" 
    # Log all messages to the dynamically formed file. Each client's log (192.168.1.2, 192.168.1.3, etc.) will be under a separate directory formed by the template FILENAME.
    *.* ?FILENAME
    Save & exit from the file.
  • Replace the following directive in /etc/sysconfig/rsyslog
    SYSLOGD_OPTIONS="-c 5" 
    with
    SYSLOGD_OPTIONS="-r514 -m 0" 
    This directive tells the server to communicate through port 514.
    Save & exit from the file.
  • Now restart the rsyslog service
    service rsyslog restart

 

Client Side Configuration

  • Install rsyslog package
    yum install rsyslog
  • Add the following directives to /etc/rsyslog.conf
    # provides support for local system logging
    $ModLoad imuxsock 
    # provides kernel logging support (previously done by rklogd)
    $ModLoad imklog
    # Provides UDP forwarding. The IP is the server's IP address
    *.* @192.168.1.1:514 
    # Provides TCP forwarding. But the current server runs on UDP
    # *.* @@192.168.1.1:514
  • Now all your logs will be sent to the 192.168.1.1 server and stored at the default location, the /var/log/IP-Address directory
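
The client's forwarding line and the server's listener must use the same protocol and port (@ with $UDPServerRun, @@ with $InputTCPServerRun). The script below is an added example, not part of the original tutorial: it compares the listeners in a server's rsyslog.conf with the forwarding actions in a client's. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Handles the legacy directive
# syntax used above; IPv6 targets in brackets are not handled.

# Print "proto port" for each active listener in a server rsyslog.conf.
listeners() {
    awk '/^[ \t]*#/ { next }
         $1 == "$UDPServerRun"      { print "udp", $2 }
         $1 == "$InputTCPServerRun" { print "tcp", $2 }' "$1"
}

# Print "proto host port" for each active forwarding action in a client config.
# "@host" is UDP, "@@host" is TCP; the port defaults to 514 when omitted.
forwards() {
    awk '/^[ \t]*#/ { next }
         $2 ~ /^@/ {
             proto = ($2 ~ /^@@/) ? "tcp" : "udp"
             target = $2; sub(/^@+/, "", target)
             n = split(target, hp, ":")
             print proto, hp[1], (n > 1 ? hp[2] : 514)
         }' "$1"
}

# Succeed only if every client forward has a listener on the same proto and port.
check_pair() {
    avail=$(listeners "$1"); fw=$(forwards "$2"); rc=0
    [ -n "$fw" ] || { echo "FAIL no forwarding action in $2"; return 1; }
    while read -r proto host port; do
        if printf '%s\n' "$avail" | grep -qx "$proto $port"; then
            echo "OK   $proto $host:$port"
        else
            echo "FAIL $proto $host:$port has no matching listener"; rc=1
        fi
    done <<EOF
$fw
EOF
    return $rc
}

# Demo on constructed copies of the tutorial's directives.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '$ModLoad imudp' '$UDPServerRun 514' > "$d/server.conf"
    printf '%s\n' '*.* @192.168.1.1:514' '# *.* @@192.168.1.1:514' > "$d/client.conf"
    check_pair "$d/server.conf" "$d/client.conf"; status=$?
    rm -rf "$d"; return $status
}
demo
```

To check real files, call check_pair with a copy of the server's /etc/rsyslog.conf as the first argument and the client's as the second.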

By Sushant Chawla
