Configuring Syslog in Red Hat Enterprise Linux 6

Rsyslog-  

Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network.


Packages-     rsyslog
Port No-       514
Daemon-      rsyslog
Script-         /etc/init.d/rsyslog
Conf file-     /etc/rsyslog.conf

My Rsyslog Server Details..

My Rsyslog server details are:
Syslog Server:      syslog.ashu.com       192.168.0.254
Client Server:        client.ashu.com         192.168.0.253
 
Server Side Configuration-
 
Step-1. Install 'rsyslog' Package..
 
# yum install rsyslog -y
 
Step-2. Next, we need to tell rsyslog to accept remote TCP and UDP syslog requests.
       At the top of the file “/etc/rsyslog.conf”, change the below lines.
 
# vim /etc/rsyslog.conf
_____________________________________________________
# Provides UDP syslog reception
#$ModLoad imudp                 ---->Uncomment this line
#$UDPServerRun 514           ---->Uncomment this line

# Provides TCP syslog reception
#$ModLoad imtcp                      ---->Uncomment this line
#$InputTCPServerRun 514       ---->Uncomment this line
_____________________________________________________
To This-
________________________________________________
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
 
 :wq! 
________________________________________________


Step-3 Restart the rsyslog service.


# service rsyslog restart
 
Step-4. Open the syslog ports on your local firewall.
 
# iptables -I INPUT -p tcp --dport 514 -j ACCEPT
# iptables -I INPUT -p udp --dport 514 -j ACCEPT
# service iptables save 


Client Side Configuration-
 
Step-1. Install 'rsyslog' Package..
 
# yum install rsyslog -y
 
Step-2. Edit “/etc/rsyslog.conf” and under the 'RULES' section, add the 
below line to enable ALL syslog events to be sent to the remote server.
 
# vim /etc/rsyslog.conf
_____________________________________________________________ 
 
#*.* @@remote-host:514  ---->Uncomment this line and change 
_______________________________________________
 

To This-
_______________________________________________
# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional 
 
mail.* @@syslog.ashu.com
_____________________________________________________________
              
 OR
_____________________________________________________________
# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional   

*.* @@192.168.0.254:514      <==== Add the syslog server IP address
:wq!
_____________________________________________________________
 
Step-3 Restart the rsyslog service.


# service rsyslog restart
 
Step-4. Test configuration-
On the client side, run the below command for testing.

For example, installing something via yum. For this purpose, I have run “yum install vsftpd”

                                              or

# logger "testing to remote rsyslog server"

# logger "testing to remote rsyslog server"

# logger "testing to remote rsyslog server"

# logger "testing to remote rsyslog server"

Step-5. Check log on server side -
You will see the below appear in the logs on your syslog server-

________________________________________________________________________________________
==> /var/log/messages <==
Mar 14 17:20:22 client yum[8804]: Installed: vsftpd-2.2.2-11.el6.x86_64



2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server

2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server

2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server

2014-03-14T17:35:24+05:08 client root: testing to remote rsyslog server
________________________________________________________________________________________
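
If the test messages do not arrive, check what each rsyslog.conf actually enables. The script below is an added example, not part of the original post: it lists the active listeners and forwarding rules in a file, and shows that "@@host" forwards over TCP while a single "@host" forwards over UDP. The function names and the sample config (including the authpriv rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. It reads the legacy-format
# directives this tutorial edits and reports what a given rsyslog.conf does.

# audit_rsyslog_conf FILE
# Prints one line per active (uncommented) directive:
#   listen  <udp|tcp> <port>
#   forward <udp|tcp> <selector> <host> <port>
audit_rsyslog_conf() {
    awk '
        # Commented-out defaults and blank lines have no effect; skip them.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == "$UDPServerRun"      { print "listen udp " $2; next }
        $1 == "$InputTCPServerRun" { print "listen tcp " $2; next }
        # Forwarding action: "@@host" is TCP, a single "@host" is UDP.
        NF >= 2 && $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            n = split(target, hp, ":")
            port = (n > 1) ? hp[2] : 514   # port is optional
            print "forward " proto " " $1 " " hp[1] " " port
        }
    ' "$1"
}

# Constructed sample mixing the server and client lines shown above, plus one
# single-@ rule (not on the page) to show the UDP case.
sample_conf() {
    cat <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#*.* @@remote-host:514
mail.* @@syslog.ashu.com
*.* @@192.168.0.254:514
authpriv.* @192.168.0.254
EOF
}

run_sample() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    audit_rsyslog_conf "$tmp"
    rm -f "$tmp"
}
run_sample
```

On a real host, call audit_rsyslog_conf /etc/rsyslog.conf. A "listen" line on a machine that is not meant to be the log server, or a "forward udp" line where TCP was intended, should be corrected before restarting rsyslog.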
 So Enjoy....