In this post we will discuss how to configure an rsyslog server and client in Linux. The rsyslog utility can log system activity to a remote system. This is useful for troubleshooting a remote server that has been hacked, or one that has gone down because of a sudden hardware failure.
There are two methods commonly used.
1. Logging messages on the same server: all system activity is stored on the local disk (hard drive) of the server.
2. Logging messages to a remote system: all system activity is stored on a remote system, i.e. a centralized logging server, which is a secure way to store critical messages.
To install the rsyslog package in Linux (Red Hat based systems)
# yum install rsyslog* [install in centralized server and client]
# chkconfig rsyslog on
Centralized rsyslog server (192.168.2.5) configuration
# vim /etc/rsyslog.conf
Uncomment lines 13 and 14 (modload and udp) and save the config file.
[Here the logs will be received from the client over the UDP protocol]
# service rsyslog restart
Client side configuration
# vim /etc/rsyslog.conf
*.* @192.168.2.5
Save the configuration file.
# service rsyslog restart
To confirm the configuration from the server end
# cat /var/log/messages
Logs will be updated on the client as well as on the centralized server.
Disadvantage: the logs from all clients end up in the same file.
To avoid this, create a new directory for each client and redirect that client's logs to its own directory.
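One way to get a directory per client on the central server, as an added example that is not from the original post. It assumes the legacy directive syntax used by the rsyslog on `service`/`chkconfig`-era Red Hat systems; the path `/var/log/remote` and the template name `PerHostFile` are hypothetical.

```conf
# /etc/rsyslog.conf on the central server (192.168.2.5) -- added example.
# Place these lines ABOVE the existing local rules (the ones that write to
# /var/log/messages), otherwise remote messages are written there first.

# UDP listener: the modload and udp lines the post says to uncomment.
$ModLoad imudp
$UDPServerRun 514

# Let rsyslog create the per-client directory the first time a client logs.
$CreateDirs on

# Dynamic file name, one directory per sender.
# The directory is keyed on the sender's IP address (fromhost-ip) rather
# than on the hostname field inside the message, because the hostname is
# chosen by the client and one client could otherwise write into another
# client's directory.
# /var/log/remote is an assumed base path; PerHostFile is an assumed name.
$template PerHostFile,"/var/log/remote/%fromhost-ip%/messages"

# Everything that did not originate on the server itself goes to the
# per-client file ...
:fromhost-ip, !isequal, "127.0.0.1"    ?PerHostFile
# ... and is then discarded so it does not also land in /var/log/messages.
# (rsyslog 7 and later spell this discard as "& stop".)
& ~
```

After `service rsyslog restart`, logs from a client such as 192.168.2.10 (a constructed address) appear under `/var/log/remote/192.168.2.10/messages` on the server.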
For more information on rsyslog configuration see /usr/share/doc/rsyslog-*/rsyslog_conf.html