
Sunday 26 January 2014

To configure rsyslog server and client in Linux

In this post we will discuss how to configure an rsyslog server and client in Linux. The rsyslog utility is used to log system activities to a remote system. This facility is useful for troubleshooting a remote server that has been compromised by an attacker, or a remote system that has gone down because of sudden hardware failure, since the logs survive on the central server even when the original host is no longer trustworthy or reachable.

There are two methods commonly used.

1. Logging messages on the same server: all system activities are stored on the local disk of the server that generated them.

2. Logging messages to a remote system: all system activities are sent to a centralized logging server. This is the more secure way to store critical messages, because an attacker who gains control of a client cannot quietly alter logs that have already left it.

To install the rsyslog package in Linux (RedHat based systems)

# yum install rsyslog*   [install on the centralized server and on every client]
# chkconfig rsyslog on

Centralized rsyslog server (192.168.2.5) configuration

# vim /etc/rsyslog.conf

Uncomment lines 13 and 14 (the $ModLoad imudp and $UDPServerRun directives) and save the config file.
[ With these two lines the server receives logs from clients over the UDP protocol, port 514 ]

# service rsyslog restart

Client-side configuration

# vim /etc/rsyslog.conf
*.*              @192.168.2.5

The single @ forwards every facility and priority (*.*) to the server over UDP, which matches the UDP receiver enabled above. Save the configuration file.

# service rsyslog restart

To confirm the configuration from the server end:

# cat /var/log/messages

Logs will be written on the client as well as on the centralized server, so a message logged on the client should appear in the server's /var/log/messages shortly afterwards.

Disadvantage: the log files from all clients end up in the same file on the server.

To avoid this, create a new directory for each client and redirect each client's messages to its respective directory.
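As an added example (not from the original post) of the per-client layout suggested above, the server and client rsyslog.conf fragments below use the same legacy directive syntax as the post's configuration. The /var/log/clients path and the 192.168.2.0/24 sender range are assumptions; adjust them to your network.

```conf
# ---- /etc/rsyslog.conf on the centralized server (192.168.2.5) ----

# Receive logs from clients over UDP/514 (the two lines the post uncomments)
$ModLoad imudp
$UDPServerRun 514

# Optionally also accept TCP/514: unlike UDP, TCP does not silently drop
# messages when the network or the server is busy
$ModLoad imtcp
$InputTCPServerRun 514

# Only accept messages from the client network (assumed 192.168.2.0/24),
# so hosts outside it cannot fill the log directory with forged entries
$AllowedSender UDP, 192.168.2.0/24
$AllowedSender TCP, 192.168.2.0/24

# One directory per client host, one file per logging program
# (assumed base path /var/log/clients; rsyslog creates the directories)
$template PerClient,"/var/log/clients/%HOSTNAME%/%PROGRAMNAME%.log"

# Every message that did not originate locally goes to the client's
# own directory, then is discarded (& ~) so it does not also land in
# /var/log/messages with the server's own entries
if $fromhost-ip != '127.0.0.1' then ?PerClient
& ~

# The server's own messages keep the stock rule
*.info;mail.none;authpriv.none;cron.none   /var/log/messages


# ---- /etc/rsyslog.conf on each client ----

# '@'  = forward over UDP (what the post uses)
# '@@' = forward over TCP, to pair with the imtcp listener above
*.*   @192.168.2.5
# *.*   @@192.168.2.5:514
```

After restarting rsyslog on both sides, a client named web01 will have its messages under /var/log/clients/web01/ on the server, one file per program (sshd.log, cron.log, and so on).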
For more information on rsyslog configuration see /usr/share/doc/rsyslog-*/rsyslog_conf.html