Building a Syslog Server

Go ahead and deploy your server; if you haven't yet, take a moment to do so.

Installing rsyslog:

yum install rsyslog

After the files have been installed, edit /etc/rsyslog.conf

vi /etc/rsyslog.conf

Once in, you’ll need to uncomment the following two pairs of lines:

$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

Save the file and close it. Uncommenting these two pairs of lines will make the syslog server listen on port 514 for both UDP and TCP traffic.

Next, you will need to edit the local firewall (iptables) to accept incoming traffic over port 514.

firewall-cmd --permanent --add-port=514/udp
firewall-cmd --permanent --add-port=514/tcp

Go ahead and restart the local firewall (iptables) with:

firewall-cmd --reload

Finally, you will want to enable and start the rsyslog service.

Enable rsyslog:

systemctl enable rsyslog

Start rsyslog:

systemctl start rsyslog

Now verify that the service is running. You should see an “Active Status” appear in green.

systemctl status rsyslog

Use the following commands to view log messages.

tail -10 /var/log/messages
cat /var/log/messages | grep <hostname-or-ipaddress>
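
The checks above can be scripted. This is an added example, not part of the original post: it lints the config for the four directives and sends a tagged test message over each transport. The function names are hypothetical, and it assumes the legacy directive format shown above and a util-linux logger that supports -T/--tcp.

```sh
#!/bin/sh
# Added example (not from the original post): check the receiver set up above.

# The four legacy-format directives that must be active in rsyslog.conf.
REQUIRED='$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514'

# Print every required directive that is absent, misspelled or still
# commented out in the given config file. Prints nothing when all are active.
missing_directives() {
    active=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e 's/[[:space:]][[:space:]]*/ /g' -e '/^$/d' "$1")
    printf '%s\n' "$REQUIRED" | while IFS= read -r want; do
        printf '%s\n' "$active" | grep -Fxq -e "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample config: UDP directive mistyped, TCP pair still commented.
sample_conf() {
    cat <<'EOF'
$ModLoad imudp
$UDPServer Run 514
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF
}

# Send one tagged message per transport and report which reached the log.
# Assumes a util-linux logger with -T/--tcp; run as root on the server.
probe_receiver() {
    host=${1:-127.0.0.1}; log=${2:-/var/log/messages}
    token="syslog-probe-$$-$(date +%s)"
    logger -n "$host" -P 514 -d "$token udp"
    logger -n "$host" -P 514 -T "$token tcp"
    sleep 1
    for proto in udp tcp; do
        if grep -Fq "$token $proto" "$log"; then echo "$proto: received"
        else echo "$proto: NOT received"; fi
    done
}

# Usage on the server:
#   missing_directives /etc/rsyslog.conf; probe_receiver
```

A probe sent to 127.0.0.1 does not pass through the firewall rules, so to confirm port 514 is reachable, run the two logger lines from another host against the server's address and look for the token in /var/log/messages.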

 
