rsyslog - jude-lindale/Wiki GitHub Wiki

log01

  1. Install rsyslog by running the following command:

    sudo yum install rsyslog -y
    
  2. Allow port 514/UDP and 514/TCP through the firewall:

    firewall-cmd --permanent --add-port 514/tcp
    firewall-cmd --permanent --add-port 514/udp
    firewall-cmd --reload
    
  3. Then edit rsyslog.conf to receive syslog messages via the specified ports:

    vi /etc/rsyslog.conf
    

(screenshot: rsyslog.conf listener edit)

  4. Then check if rsyslog is listening:

    netstat -tupan | grep 514
    

(screenshot: netstat output)

web01

  1. On web01 install rsyslog:

    sudo yum install rsyslog -y
    
  2. Then create the following file: /etc/rsyslog.d/sec350.conf:

    vi /etc/rsyslog.d/sec350.conf
    

(screenshot: sec350.conf contents)

   NOTE:
   the line in sec350.conf means:
   user=syslog facility
   notice=syslog priority
   @=UDP, @@ means TCP, so we are only going to send UDP
   172.16.50.5=Remote Syslog Server

Test rsyslog messaging from web01 to log01

  1. On log01 run the following command:

    tail -f /var/log/messages
    
  2. From web01, after restarting rsyslog, run the command:

     logger -t test TESTFROMWEB01TOLOG01
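
As an added worked example (not part of this wiki page), the following Python shows on the wire what the NOTE above describes: it builds the RFC 3164 line that `logger -t test TESTFROMWEB01TOLOG01` produces under a `user.notice` selector, sends it over UDP (the single-@ transport) to a loopback listener standing in for log01, and decodes the PRI field back into facility and severity so you can confirm which selector a line in /var/log/messages matched. The loopback port, the timestamp and the sshd sample line are constructed.

```python
import re
import socket

# RFC 3164 facility and severity codes. The sec350.conf selector "user.notice"
# is facility 1, severity 5, so every line it forwards starts with PRI <13>.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3,
              "auth": 4, "syslog": 5, "authpriv": 10, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
# <PRI>Mmm dd hh:mm:ss host tag[pid]: message  (the BSD format logger(1) emits)
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\[ ]+)(?:\[\d+\])?: (.*)$")

def pri(facility, severity):
    """Combine facility.severity into the numeric PRI field."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def build_message(facility, severity, timestamp, host, tag, text):
    """Build the line that `logger -t <tag> <text>` hands to rsyslog."""
    return f"<{pri(facility, severity)}>{timestamp} {host} {tag}: {text}"

def parse_message(line):
    """Split a received line and decode PRI back into facility/severity names."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a BSD syslog line: {line!r}")
    fac_num, sev_num = divmod(int(m.group(1)), 8)
    fac = {v: k for k, v in FACILITIES.items()}.get(fac_num, f"facility{fac_num}")
    sev = {v: k for k, v in SEVERITIES.items()}[sev_num]
    return {"facility": fac, "severity": sev, "timestamp": m.group(2),
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def send_udp_and_receive(line):
    """Send one datagram over UDP (the single-@ transport) to a loopback listener."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # port 0: OS picks a free port; real log01 uses 514
    server.settimeout(2)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(line.encode(), server.getsockname())
        data, _ = server.recvfrom(2048)  # what rsyslog's imudp would receive
    finally:
        client.close()
        server.close()
    return data.decode()

if __name__ == "__main__":  # constructed sample for the page's test command
    msg = build_message("user", "notice", "Jan 16 15:08:03", "web01",
                        "test", "TESTFROMWEB01TOLOG01")
    print(parse_message(send_udp_and_receive(msg)))
```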
    

rw01->SSH->web01->SSH->log01

  1. Lastly, on rw01 open a terminal and ssh to web01:

     ssh [email protected]
    
  2. Once SSHed into web01, ssh into log01 from there:

     ssh [email protected]