Configuring Syslog in Red Hat Enterprise Linux 6

Rsyslog-  

Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network.


Packages-     rsyslog
Port No-       514
Daemon-      rsyslog
Script-         /etc/init.d/rsyslog
Conf file-     /etc/rsyslog.conf

My Rsyslog Server Details..

My Rsyslog server details are:
Syslog Server:      syslog.ashu.com       192.168.0.254
Client Server:        client.ashu.com         192.168.0.253
 
Server Side Configuration-
 
Step-1. Install the 'rsyslog' package.
 
# yum install rsyslog -y
 
Step-2. Next, we need to tell rsyslog to accept remote TCP and UDP syslog requests.
       At the top of the file “/etc/rsyslog.conf”, change the below lines.
 
# vim /etc/rsyslog.conf
_____________________________________________________
# Provides UDP syslog reception
#$ModLoad imudp ---->Uncomment this line
#$UDPServerRun 514 ---->Uncomment this line

# Provides TCP syslog reception
#$ModLoad imtcp ---->Uncomment this line
#$InputTCPServerRun 514 ---->Uncomment this line
_____________________________________________________

To This-
________________________________________________

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
 
 :wq! 
________________________________________________



Step-3 Restart the rsyslog service.

# service rsyslog restart
 
Step-4. Open the syslog ports on your local firewall.
 
# iptables -I INPUT -p tcp --dport 514 -j ACCEPT
# iptables -I INPUT -p udp --dport 514 -j ACCEPT
# service iptables save 


Client Side Configuration-
 
Step-1. Install the 'rsyslog' package.
 
# yum install rsyslog -y
 
Step-2. Edit “/etc/rsyslog.conf” and under the 'RULES' section, add the 
below line to enable ALL syslog events to be sent to the remote server.
 
# vim /etc/rsyslog.conf
_____________________________________________________________ 
 
#*.* @@remote-host:514  ---->Uncomment this line and change the remote host
_______________________________________________
 


To This-

_______________________________________________

# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional 
 
mail.* @@syslog.ashu.com
_____________________________________________________________
              
 OR
_____________________________________________________________
# remote host is: name/ip:port, e.g. 192.168.0.254:514, port optional   


*.* @@192.168.0.254:514      <==== Add the syslog server IP address
:wq!
_____________________________________________________________
 

Step-3 Restart the rsyslog service.

# service rsyslog restart
 
Step-4. Test configuration- 

On the client side, generate some log activity for testing.

For example, install something via yum. For this purpose, I have run “yum install vsftpd”

                                              or

# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"
# logger "testing to remote rsyslog server"

Step-5. Check log on server side – 

You will see the below appear in the logs on your syslog server- 

________________________________________________________________________________________
==> /var/log/messages <==
Mar 14 17:20:22 client yum[8804]: Installed: vsftpd-2.2.2-11.el6.x86_64



2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server


2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server


2014-03-14T17:35:23+05:08 client root: testing to remote rsyslog server


2014-03-14T17:35:24+05:08 client root: testing to remote rsyslog server
________________________________________________________________________________________
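
One way to check the edits from the steps above before restarting the service (an added example, not part of the original post; the function names and the sample config files are constructed for illustration). It lists the listeners that are actually active on the server and the forwarding rules active on the client, including whether each rule uses TCP (@@) or UDP (@):

```sh
# Added example: audit rsyslog.conf edits like the ones in this tutorial.
# Function names and sample files are constructed for illustration.

# Active listeners as "<proto> <port>"; a listener counts only when its
# input module is loaded and neither line is still commented out.
rsyslog_listeners() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "$ModLoad"           { loaded[$2] = 1 }
        $1 == "$UDPServerRun"      { port["udp"] = $2 }
        $1 == "$InputTCPServerRun" { port["tcp"] = $2 }
        END {
            if (("imudp" in loaded) && ("udp" in port)) print "udp", port["udp"]
            if (("imtcp" in loaded) && ("tcp" in port)) print "tcp", port["tcp"]
        }' "$1"
}

# Active forwarding rules as "<selector> <proto> <host> <port>".
# "@@" means TCP, a single "@" means UDP; the port defaults to 514.
# Assumes host names or IPv4 addresses (no bracketed IPv6 targets).
rsyslog_forwards() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 2 && $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            n = split(target, part, ":")
            print $1, proto, part[1], (n > 1 ? part[2] : 514)
        }' "$1"
}

# Constructed sample input: a server file with TCP reception still
# commented out, and a client file with one UDP and one TCP rule.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/server.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF
cat > "$SAMPLE_DIR/client.conf" <<'EOF'
#*.* @@remote-host:514
mail.* @syslog.ashu.com
*.* @@192.168.0.254:514
EOF

rsyslog_listeners "$SAMPLE_DIR/server.conf"
rsyslog_forwards "$SAMPLE_DIR/client.conf"
```

On a real system, point the first function at /etc/rsyslog.conf on the server and the second at /etc/rsyslog.conf on the client.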
 So Enjoy….
