Go ahead and deploy your server; if you haven't yet, take a moment to do so.
yum install rsyslog
After the files have been installed, edit /etc/rsyslog.conf.
Once in, you’ll need to uncomment the following two lines:
$UDPServerRun 514
Save the file and close it. Uncommenting these two lines will make the syslog server listen on port 514, for both udp and tcp traffic.
Next, you will need to edit the local firewall (iptables) to accept incoming traffic over port 514.
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --permanent --add-port=514/tcp
Go ahead and restart the local firewall (iptables) with:
Finally, you will want to enable and start the rsyslog service.
systemctl enable rsyslog
systemctl start rsyslog
Now verify that the service is running. You should see an “Active Status” appear in green.
systemctl status rsyslog
Use the following commands to view log messages.
tail -10 /var/log/messages
cat /var/log/messages | grep <hostname-or-ipaddress>
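To check the /etc/rsyslog.conf edit from the step above before restarting the service, the following added example (not part of the original page) reports which listeners are really active and flags a listener line that was uncommented without its input module. It assumes the legacy-syntax `$ModLoad imudp`, `$ModLoad imtcp` and `$InputTCPServerRun` lines, which the page does not show; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rsyslog.conf (legacy "$Directive" syntax) for
# active syslog listeners. Commented-out lines are ignored.

# check_listeners FILE
# Prints one line per protocol: "<proto> <port or -> <status>"
#   ok         listener directive and its input module are both active
#   no-module  listener directive is active but "$ModLoad im<proto>" is not
#   disabled   no active listener directive
check_listeners() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        $1 == "$ModLoad" && $2 == "imudp" { mod["udp"] = 1 }
        $1 == "$ModLoad" && $2 == "imtcp" { mod["tcp"] = 1 }
        $1 == "$UDPServerRun"      { port["udp"] = $2 }
        $1 == "$InputTCPServerRun" { port["tcp"] = $2 }
        END {
            n = split("udp tcp", protos, " ")
            for (i = 1; i <= n; i++) {
                p = protos[i]
                if (!(p in port))     print p, "-", "disabled"
                else if (!(p in mod)) print p, port[p], "no-module"
                else                  print p, port[p], "ok"
            }
        }
    ' "$1"
}

# Constructed sample config: UDP fully enabled, TCP listener line
# uncommented while its module line is still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
$InputTCPServerRun 514
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
check_listeners "$conf"
rm -f "$conf"
```

On a real server, run `check_listeners /etc/rsyslog.conf`; any status other than `ok` for a protocol you opened in the firewall means that port is allowed through but nothing is configured to receive on it.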