rsyslog - jude-lindale/Wiki GitHub Wiki
log01
- Install rsyslog by running the following command:
sudo yum install rsyslog -y
- Allow port 514/UDP and 514/TCP through the firewall:
firewall-cmd --permanent --add-port 514/tcp
firewall-cmd --permanent --add-port 514/udp
firewall-cmd --reload
- Then edit rsyslog.conf to receive syslog messages via the specified ports:
vi /etc/rsyslog.conf
- Then check if rsyslog is listening:
netstat -tupan | grep 514
web01
- On web01, install rsyslog:
sudo yum install rsyslog -y
- Then create the following file: /etc/rsyslog.d/sec350.conf:
vi /etc/rsyslog.d/sec350.conf
NOTE: the line in sec350.conf means:
user = syslog facility
notice = syslog priority
@ = UDP (@@ means TCP), so we are only going to send over UDP
172.16.50.5 = remote syslog server
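The rule syntax described in the note above can be decoded mechanically. The following is an added example, not part of the original wiki: POSIX shell functions that split a legacy-syntax forwarding rule into facility, priority, transport, host and port, and list every forwarding rule in a set of config files. The function names, the `host:port` handling and the sample rules are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): decode legacy-syntax rsyslog forwarding
# rules. Assumes one facility.priority selector and a hostname/IPv4 target.

# describe_rule LINE
# Prints "facility=F priority=P transport=udp|tcp host=H port=N"; returns 1
# when LINE is a comment, blank, or not a forwarding rule.
describe_rule() (
    set -f                      # keep "*.*" selectors from being glob-expanded
    set -- $1                   # split into: selector action
    [ $# -ge 2 ] || return 1
    selector=$1 action=$2
    case $selector in '#'*) return 1 ;; esac
    case $action in
        @@*) transport=tcp target=${action#@@} ;;   # @@ means TCP
        @*)  transport=udp target=${action#@} ;;    # @ means UDP
        *)   return 1 ;;                            # local file, pipe, etc.
    esac
    target=${target%%;*}        # drop an optional ";template" suffix
    case $target in
        *:*) host=${target%%:*} port=${target##*:} ;;
        *)   host=$target port=514 ;;               # rsyslog's default port
    esac
    [ -n "$host" ] || return 1
    printf 'facility=%s priority=%s transport=%s host=%s port=%s\n' \
        "${selector%%.*}" "${selector#*.}" "$transport" "$host" "$port"
)

# list_forwarding FILE...
# Prints "FILE:LINENO: description" for every forwarding rule in the files.
list_forwarding() (
    for f in "$@"; do
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            if desc=$(describe_rule "$line"); then
                printf '%s:%s: %s\n' "$f" "$n" "$desc"
            fi
        done < "$f"
    done
)

# Constructed sample rules (the first matches the note above).
describe_rule 'user.notice @172.16.50.5'
describe_rule '*.* @@172.16.50.5:514'
```

Running `list_forwarding /etc/rsyslog.d/*.conf` on web01 shows where each rule sends its messages and over which transport.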
Test rsyslog messaging from web01 to log01
- On log01, run the following command:
tail -f /var/log/messages
- From web01, after restarting rsyslog, run the command:
logger -t test TESTFROMWEB01TOLOG01
rw01->SSH->web01->SSH->log01
- Lastly, on rw01, open a terminal and SSH to web01:
ssh [email protected]
- Once connected to web01, SSH into log01 from there:
ssh [email protected]