rsyslog - eitan-j/tech-journal GitHub Wiki
How to use rsyslog
Switch to log server
- Install rsyslog: `yum install rsyslog` (CentOS)
- Enable and start rsyslog: `systemctl enable --now rsyslog` (systemd)
- Allow UDP and TCP port 514 on log server, then reload the firewall so the permanent rules take effect: `firewall-cmd --permanent --add-port=514/tcp && firewall-cmd --permanent --add-port=514/udp && firewall-cmd --reload` (firewalld)
- Edit /etc/rsyslog.conf
- Uncomment lines under "Provides TCP..." and "Provides UDP..."
- Restart rsyslog: `systemctl restart rsyslog` (systemd)
Switch to log sender
- Install rsyslog: `yum install rsyslog` (CentOS)
- Enable and start rsyslog: `systemctl enable --now rsyslog` (systemd)
- Create and edit `/etc/rsyslog.d/{configname}.conf` containing: `{facility}.{priority} @{logserverip}`
- Restart rsyslog: `systemctl restart rsyslog` (systemd)
- Send test message: `logger -t test TESTMESSAGE`
Switch to log server
- `tail /var/log/messages`
- This should show `TESTMESSAGE` from log sender
How to make logs include timezones
Switch to log sender
- Edit /etc/rsyslog.conf
- Comment out line under "Use traditional/default timestamp format"
- Restart rsyslog: `systemctl restart rsyslog` (systemd)
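
Why the timezone matters once several senders write to one log server, as an added example that is not part of the original wiki: the Python below parses both file timestamp formats and orders events in UTC. The sample lines and host names are constructed, and it assumes that commenting out the traditional-format line leaves rsyslog writing RFC 3339 timestamps with a UTC offset.

```python
"""Normalise rsyslog file timestamps to UTC and flag lines with no timezone."""
import re
from datetime import datetime, timezone

# RFC 3339 style: 2024-03-03T14:05:01.123456-05:00 host tag: msg
RFC3339 = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2}) (\S+) (.*)$")
# Traditional style: "Mar  3 14:05:01 host tag: msg" (no year, no offset)
TRADITIONAL = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed sample: three senders, two with timezone-aware timestamps.
SAMPLE = [
    "2024-03-03T14:05:01.123456-05:00 sender-a test: TESTMESSAGE",
    "2024-03-03T20:04:59.000000+01:00 sender-b test: TESTMESSAGE",
    "Mar  3 14:05:02 sender-c test: TESTMESSAGE",
]


def parse_line(line):
    """Return (utc_datetime or None, host, rest, has_timezone)."""
    m = RFC3339.match(line)
    if m:
        base, frac, offset, host, rest = m.groups()
        frac = (frac or "0").ljust(6, "0")[:6]  # normalise to microseconds
        offset = "+00:00" if offset == "Z" else offset
        local = datetime.fromisoformat(f"{base}.{frac}{offset}")
        return local.astimezone(timezone.utc), host, rest, True
    m = TRADITIONAL.match(line)
    if m:
        _stamp, host, rest = m.groups()
        return None, host, rest, False  # cannot be placed on a UTC timeline
    raise ValueError(f"unrecognised syslog line: {line!r}")


def timeline(lines):
    """Split lines into a UTC-ordered list and a list of ambiguous hosts."""
    ordered, ambiguous = [], []
    for line in lines:
        when, host, _rest, has_tz = parse_line(line)
        if has_tz:
            ordered.append((when, host))
        else:
            ambiguous.append(host)
    return sorted(ordered), ambiguous


if __name__ == "__main__":
    events, unknown = timeline(SAMPLE)
    for when, host in events:
        print(when.isoformat(), host)
    print("no timezone, cannot order:", unknown)
```

By local clock reading sender-a (14:05) appears to log hours before sender-b (20:04), but in UTC sender-b's message came first; sender-c's line cannot be ordered at all.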