Rsyslog is a free and open-source logging application that is used in the majority of Linux distributions. It’s also the standard logging service in CentOS 8, RHEL 8, Rocky Linux 8, AlmaLinux 8, and Ubuntu Linux.
One of the most crucial components of a network’s architecture is log management. Multiple elements of system software, including utilities, programs, daemons, network services, kernels, physical devices, and so on, are continually generating log messages.
Log files may be used to debug Linux system faults, monitor the system, and assess system security strengths and weaknesses.
In CentOS/RHEL, the Rsyslog daemon may be set to run as a server to gather log messages from many network devices. These devices function as clients and are set up to provide logs to an rsyslog server.
The Rsyslog service, on the other hand, may be set up and launched in client mode. This configuration directs the rsyslog daemon to use the TCP or UDP transport protocols to relay log messages to a remote rsyslog server. The Rsyslog service may also be configured to function as both a client and a server.
1. Verify and install Rsyslog on the client machine.
On a CentOS/RHEL system, the Rsyslog service is already installed and operating. To confirm that the rsyslog package is installed and see which version it is, use the following commands:
# rpm -q rsyslog
# rsyslogd -v
[root@client ~]# rpm -q rsyslog
rsyslog-8.2102.0-7.el8.x86_64
[root@client ~]# rsyslogd -v
rsyslogd 8.2102.0-7.el8 (aka 2021.02) compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Config file: /etc/rsyslog.conf
PID file: /var/run/rsyslogd.pid
Number of Bits in RainerScript integers: 64
If it is not already installed, you can install the Rsyslog package with the following command.
# dnf install rsyslog
2. Configuring Rsyslog Service as Client
(i) Open the rsyslog configuration file with the following command.
# vim /etc/rsyslog.conf
(ii) Go to the end of the file and add the line below. A single @ in front of the remote host forwards the messages over UDP.
*.* @<log server IP address>:514
For example: *.* @172.25.9.11:514
(save and exit this file)
(iii) If the remote log server is set to only accept TCP connections, or if you wish to use a reliable transport protocol such as TCP, put another @ character in front of the remote host, as shown below:
*.* @@<log server IP address>:514
(iv) Restart the rsyslog service and enable it at boot.
# systemctl restart rsyslog
# systemctl enable rsyslog
* All the log messages are then stored in /var/log/secure.
* To monitor all the messages on the server, use the command:
# tail -f /var/log/secure
* To store all the client’s log messages on the remote log server only, open the /etc/rsyslog.conf file and add the line below.
# vim /etc/rsyslog.conf
*.* /var/log/secure
(save and exit this file)
* Then restart the rsyslog daemon.
# systemctl restart rsyslog
That’s all there is to it! The Rsyslog client is now set up to send logs to the Rsyslog server.
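To check which transport each forwarding rule actually uses, the following added example (not part of the original article) parses the legacy `selector @host:port` lines described in step 2 and flags the ones that forward over UDP. The function names, the sample config and the second server address 172.25.9.12 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit legacy-format forwarding rules in an rsyslog config.

# list_forwards FILE -> one line per rule: "<proto> <host> <port> <selector>"
list_forwards() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip commented-out lines
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            proto = (target ~ /^@@/) ? "tcp" : "udp"   # @@ is TCP, @ is UDP
            sub(/^@+/, "", target)
            sub(/^\([^)]*\)/, "", target)         # drop options such as (z9)
            port = 514                            # default when none is given
            if (match(target, /:[0-9]+$/)) {
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print proto, target, port, $1
        }
    ' "$1"
}

# warn_udp_forwards FILE -> prints a warning per UDP rule, returns 1 if any
warn_udp_forwards() {
    list_forwards "$1" | awk '
        $1 == "udp" {
            printf "WARN: %s -> %s:%s uses UDP, delivery is not guaranteed\n", $4, $2, $3
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample config; 172.25.9.12 is a made-up second server.
write_sample_conf() {
    cat > "$1" <<'EOF'
# *.* @10.0.0.1:514
*.* @172.25.9.11:514
authpriv.* @@172.25.9.11:514
mail.* @@(z9)172.25.9.12
*.* /var/log/secure
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
list_forwards "$conf"
warn_udp_forwards "$conf" || echo "at least one rule still forwards over UDP"
rm -f "$conf"
```

On a client, point `list_forwards` at /etc/rsyslog.conf to review the rules that are really in place before restarting the service.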