1.1 SYSLOG - CameronProvost/SEC-350 GitHub Wiki

Setting up syslog first required opening UDP and TCP port 514 permanently in the firewall on log01, the log server:

  • sudo firewall-cmd --permanent --add-port=514/udp
  • sudo firewall-cmd --permanent --add-port=514/tcp
  • sudo firewall-cmd --reload

Then /etc/rsyslog.conf has to be modified so rsyslog actually listens on ports 514 TCP and UDP. The lines under "Provides UDP syslog reception" and "Provides TCP syslog reception" (the imudp and imtcp module-load and input lines) need to be uncommented, the file saved, and the rsyslog service restarted (sudo systemctl restart rsyslog). Note that these receivers accept messages from any host that can reach port 514 with no authentication, so outside a lab the firewall rule should be limited to the client network.

On web01 I needed to install rsyslog with yum install rsyslog and create the /etc/rsyslog.d/sec350.conf file containing the line user.notice @172.16.50.5. The selector user.notice matches messages of facility user at priority notice or higher, and a single @ forwards them over UDP (@@ would use TCP) to log01 at 172.16.50.5 on the default port 514. This is followed by a restart of the rsyslog service.

Finally, to test forwarding, run tail -f /var/log/messages on log01, then on web01 run logger -t test TESFROMWEB01TOLOG01. logger's default facility and priority are user.notice, exactly what the selector above forwards, so the message should appear in the tail on log01 as a line carrying the hostname web01 and the tag test.
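The three pieces above, as an added shell example that is not part of the SEC-350 wiki: a generator for the client drop-in, a check that the server's rsyslog.conf really has the UDP and TCP receivers uncommented (in either the legacy or the RainerScript syntax), and a check that a tagged line from web01 landed in the server's messages file. The rsyslog.conf excerpts and the messages lines below are constructed, not real captures; the host names and 172.16.50.5 are the ones used above, and the port is written out explicitly in the drop-in.

```shell
#!/usr/bin/env bash
# Added example (not from the SEC-350 wiki): helpers for the rsyslog client/server
# setup described above, exercised against constructed files in a temp directory.
set -euo pipefail

# Client side: content of /etc/rsyslog.d/sec350.conf.
# "user.notice" = facility user, priority notice or higher.
# "@host" forwards over UDP, "@@host" over TCP; ":514" is the default, made explicit here.
client_conf() {
  local server="$1" proto="${2:-udp}"
  if [ "$proto" = tcp ]; then
    printf 'user.notice @@%s:514\n' "$server"
  else
    printf 'user.notice @%s:514\n' "$server"
  fi
}

# Server side: report which receivers are uncommented in a rsyslog.conf.
# Accepts both legacy ($ModLoad/$UDPServerRun) and RainerScript (module()/input()) forms.
# Prints "udp", "tcp", "udp tcp" or "none".
reception_enabled() {
  local conf="$1" out=""
  if grep -Eq '^[[:space:]]*(\$ModLoad imudp|module\(load="imudp"\))' "$conf" &&
     grep -Eq '^[[:space:]]*(\$UDPServerRun 514|input\(type="imudp" port="514"\))' "$conf"; then
    out="udp"
  fi
  if grep -Eq '^[[:space:]]*(\$ModLoad imtcp|module\(load="imtcp"\))' "$conf" &&
     grep -Eq '^[[:space:]]*(\$InputTCPServerRun 514|input\(type="imtcp" port="514"\))' "$conf"; then
    out="${out:+$out }tcp"
  fi
  echo "${out:-none}"
}

# Test side: succeeds if a line from <host> tagged by "logger -t <tag>" is in <messages>.
# Matches the traditional "Mon DD HH:MM:SS host tag[pid]: msg" layout of /var/log/messages.
message_arrived() {
  local messages="$1" host="$2" tag="$3"
  grep -Eq "^[A-Z][a-z]{2} +[0-9]{1,2} [0-9:]{8} $host $tag(\[[0-9]+\])?: " "$messages"
}

# --- constructed sample data (not real captures) ---
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT

# rsyslog.conf as shipped on CentOS 7: reception lines still commented out.
cat >"$work/rsyslog.default.conf" <<'EOF'
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
EOF

# The same file after the edit described above.
cat >"$work/rsyslog.log01.conf" <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
EOF

# RainerScript form used by newer rsyslog, with only the UDP receiver enabled.
cat >"$work/rsyslog.rainer.conf" <<'EOF'
# Provides UDP syslog reception
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

# Provides TCP syslog reception
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")
EOF

# Constructed /var/log/messages excerpt on log01 after "logger -t test TESFROMWEB01TOLOG01" on web01.
cat >"$work/messages" <<'EOF'
Mar  3 14:02:11 log01 systemd[1]: Started System Logging Service.
Mar  3 14:05:42 web01 test: TESFROMWEB01TOLOG01
EOF

client_conf 172.16.50.5                          # user.notice @172.16.50.5:514
client_conf 172.16.50.5 tcp                      # user.notice @@172.16.50.5:514
reception_enabled "$work/rsyslog.default.conf"   # none
reception_enabled "$work/rsyslog.log01.conf"     # udp tcp
reception_enabled "$work/rsyslog.rainer.conf"    # udp
message_arrived "$work/messages" web01 test && echo "message from web01 reached log01"
```

Run the script as-is to see the generated drop-in and the checks against the constructed files; pointing reception_enabled at the real /etc/rsyslog.conf on log01 and message_arrived at the real /var/log/messages turns it into a quick post-setup check.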