How To Setup SysLog Server on CentOS 7 / RHEL 7

SHORT INTRODUCTION

Syslog

We need one main server (192.168.33.25) and two client servers: client1 (192.168.33.30) and client2 (192.168.33.31). Make sure all of them are accessible.

UDP & TCP are two protocols supported by rsyslog for receiving logs; TCP also provides reliable transmission of logs.

Log in to both client servers – 192.168.33.30 & 192.168.33.31

Step 1: Install the Syslog Service on both Client Servers:

[root@client ~]# yum install rsyslog -y

Start & enable the service:

[root@client ~]# systemctl start rsyslog
[root@client ~]# systemctl enable rsyslog

Now, edit the rsyslog configuration file:

[root@client1 ~]# vim /etc/rsyslog.conf

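At the bottom of the file, copy and paste the lines below on both client servers, changing the server IP to yours. A single @ forwards over UDP and a double @@ forwards over TCP, so with both lines in place every message is sent to the server twice –

# ----UDP----
*.info;mail.none;authpriv.none;cron.none @192.168.33.25:514
# ----TCP----
*.info;mail.none;authpriv.none;cron.none @@192.168.33.25:514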

Now, Restart the Syslog Service –

[root@client ~]# systemctl restart rsyslog

Log in to the main server – 192.168.33.25

Step 2: Installing Syslog package in the Main-Server

[root@fosnix ~]# yum install rsyslog -y

Start & enable the service:

[root@fosnix ~]# systemctl start rsyslog
[root@fosnix ~]# systemctl enable rsyslog

Now edit the rsyslog configuration file –

[root@fosnix ~]# vim /etc/rsyslog.conf

Find the UDP/TCP syslog reception section & uncomment the lines below:

----UDP----
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
----TCP----
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Save & Exit

Restart the rsyslog service 

[root@fosnix ~]# systemctl restart rsyslog

Validate that logs from the clients are arriving on the main server:

[root@fosnix ~]# tail -f /var/log/messages
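
To check what a client is actually configured to forward (Step 1), the following added example, which is not part of the original article, lists each forwarding rule in an rsyslog config with its protocol, target, port and the facilities excluded via .none, and reports hosts that receive the same stream over both UDP and TCP. The function names and the sample config are constructed for illustration; it assumes the legacy selector syntax used above and IPv4 or hostname targets.

```shell
#!/bin/sh
# Added example, not from the original article: audit the forwarding rules in an
# rsyslog config that uses the legacy "selector @host:port" syntax shown above.

# list_forwards FILE
# One line per forwarding rule: "<proto> <host> <port> <facilities excluded via .none>"
list_forwards() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        NF >= 2 && $NF ~ /^@/ {               # action starts with @ (UDP) or @@ (TCP)
            target = $NF
            proto = (target ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", target)
            n = split(target, hp, ":")        # assumes IPv4 or hostname, not [IPv6]
            port = (n > 1) ? hp[2] : 514      # rsyslog forwards to port 514 by default
            excl = ""
            m = split($1, sel, ";")
            for (i = 1; i <= m; i++)
                if (sel[i] ~ /\.none$/) {
                    sub(/\.none$/, "", sel[i])
                    excl = (excl == "" ? "" : excl ",") sel[i]
                }
            print proto, hp[1], port, (excl == "" ? "-" : excl)
        }' "$1"
}

# duplicate_targets FILE
# Hosts that are sent the same stream over both UDP and TCP (double delivery).
duplicate_targets() {
    list_forwards "$1" | awk '
        { seen[$2] = seen[$2] " " $1 }
        END { for (h in seen) if (seen[h] ~ /udp/ && seen[h] ~ /tcp/) print h }'
}

# Constructed sample: a client rsyslog.conf tail with both article lines pasted in.
sample_conf() {
    cat <<'EOF'
# local rule, not a forward
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
*.info;mail.none;authpriv.none;cron.none @192.168.33.25:514
*.info;mail.none;authpriv.none;cron.none @@192.168.33.25:514
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
list_forwards "$conf"
echo "duplicate delivery to: $(duplicate_targets "$conf")"
rm -f "$conf"
```

With the selector used in Step 1, the excluded column shows mail, authpriv and cron: authentication events (written to /var/log/secure on CentOS) stay on the client and do not reach the main server.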
