One of the most crucial components of a network's architecture is log management. Multiple elements of system software, including as utilities, programs, daemons, network services, kernels, physical devices, and so on, are continually generating log messages.
Log files may be used to debug Linux system faults, monitor the system, and assess system security strengths and weaknesses.
Rsyslog is a free and open-source logging application that is used in the majority of Linux distributions. It's also the standard logging service in CentOS 8, RHEL 8, RockyLinux 8, Alama Linux 8, Ubuntu Linux.
In CentOS/RHEL, the Rsyslog daemon may be set to run as a server to gather log messages from many network devices. These devices function as clients and are set up to provide logs to an rsyslog server.
The Rsyslog service, on the other hand, may be setup and launched in client mode. This configuration directs the rsyslog daemon to use the TCP or UDP transport protocols to relay log messages to a remote rsyslog server. The Rsyslog service may also be configured to function as both a client and a server.
1. Verify and Install rsyslog server on the client machine.
On a CentOS/RHEL system, the Rsyslog service is already installed and operating. To see if the rsyslog service is running on your system, use the following commands: # rpm -q rsyslog and # rsyslogd -v.
[root@client ~]# rpm -q rsyslog
rsyslog-8.2102.0-7.el8.x86_64
[root@client ~]# rsyslogd -v
rsyslogd 8.2102.0-7.el8 (aka 2021.02) compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Config file: /etc/rsyslog.conf
PID file: /var/run/rsyslogd.pid
Number of Bits in RainerScript integers: 64
You can install the Rsyslog package by following command if already not installed.
# dnf install rsyslog
2. Configuring Rsyslog Service as Client
(i) Open the log server configuration file by command.
# vim /etc/rsyslog.conf
(ii) Goto end of the file and type as below.
*.* @<log server IP address>:514
For Example: *.* @172.25.9.11:514 (save and exit this file)
(iii) If the remote log server is set to only accept TCP connections, or if you wish to utilize a dependable transport network protocol, such as TCP, put another @ character in front of the remote host, as seen below:
*.* @@<log server IP address>:514
(iv) Restart the log server service.
# systemctl restart rsyslog # systemctl enable rsyslog
* Then all the log messages are stored in /var/log/secure location.
* To monitor all the messages on the server by command.
# tailf /var/log/secure
*Open the /etc/rsyslog.conf file and type as below to store all the client's log messages in remote log server only.
# vim /etc/rsyslog.conf
*.* /var/log/secure
(save and exit this file)
* Then restart the log server deamons.
# systemctl restart rsyslog
That's all there is to it! Rsyslog Client is now set up to Send Logs to the Rsyslog Server.
For rsyslog centralized configuration please follow below article:
How to configure Centralized Rsyslog server in Linux================================================================================== Was this article of use to you? Post your insightful thoughts or recommendations in the comments section if you don't find this article to be helpful or if you see any outdated information, a problem, or a typo to help this article better. ==================================================================================