SYSLOG - DefiantCoder/Tech-Journals GitHub Wiki

on the logger

Add ports 514/udp & 514/tcp to the firewall

in /etc/rsyslog.conf uncomment the following

[image]

sudo systemctl restart rsyslog

client side

create /etc/rsyslog.d/sec350.conf and add the following

user.notice @172.16.50.5

the line in sec350.conf means:

user = syslog facility
notice = syslog priority
@ = UDP (@@ means TCP, so we are only going to send UDP)
172.16.50.5 = remote syslog server

Syslog test

sudo systemctl restart rsyslog
logger -t test TESTFROMWEB01TOLOG01

use the following to check for success

sudo tail /var/log/messages
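
Added example (not from the original wiki): a small Python sketch that interprets the forwarding rule described above, facility user and priority notice sent to 172.16.50.5. It shows why the `logger -t test` message is forwarded: logger tags messages user.notice when no -p is given, and a selector matches its named priority and anything more severe. The function names are hypothetical, and only simple one-selector rules are handled.

```python
# Added example: interpret a simple rsyslog forwarding rule like the one in sec350.conf.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_rule(line):
    """Split 'facility.priority @host' into its parts (single-selector rules only)."""
    selector, action = line.split()
    facility, priority = selector.split(".")  # a missing dot raises ValueError here
    if facility not in FACILITIES or priority not in SEVERITIES:
        raise ValueError(f"unknown selector: {selector}")
    if action.startswith("@@"):
        transport, target = "tcp", action[2:]
    elif action.startswith("@"):
        transport, target = "udp", action[1:]
    else:
        raise ValueError("not a forwarding action")
    host, _, port = target.partition(":")
    return {"facility": facility, "priority": priority, "transport": transport,
            "host": host, "port": int(port or 514)}  # 514 is the default syslog port

def matches(rule, facility, severity):
    """A selector matches its facility at the named priority and anything more severe."""
    return (facility == rule["facility"]
            and SEVERITIES[severity] <= SEVERITIES[rule["priority"]])

def pri(facility, severity):
    """PRI value at the start of the syslog packet: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

if __name__ == "__main__":
    rule = parse_rule("user.notice @172.16.50.5")
    print(rule)
    # logger without -p uses user.notice, so the test message is forwarded
    print(matches(rule, "user", "notice"), pri("user", "notice"))
    print(matches(rule, "user", "info"))     # less severe than notice: not forwarded
    print(matches(rule, "authpriv", "err"))  # other facility: not covered by this rule
```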