Syslog - samuel-richardson/Sam-Tech-Journal GitHub Wiki
Configure Syslog Server and Client
Server
Install syslog: `sudo yum install rsyslog`
Edit `/etc/rsyslog.conf` and uncomment the lines below. This is a basic config, but it will be commented out in favor of a better config.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
The current running config is found here and shown below. It listens on UDP 514 and automatically names log files and locations based on the host. Save this config in `/etc/rsyslog.d/`.
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteDevice")
template(name="DynFile" type="string"
string="/var/log/remote-syslog/%HOSTNAME%/%$YEAR%.%$MONTH%.%$DAY%.%PROGRAMNAME%.log"
)
ruleset(name="RemoteDevice"){
action(type="omfile" dynaFile="DynFile")
}
Start syslog with `sudo systemctl start rsyslog`
Client Add Logging
Install syslog: `sudo yum install rsyslog`
Create a `.conf` file in `/etc/rsyslog.d/` with the content `user.notice @{server ip}`
`@` means UDP, `@@` means TCP.
Restart syslog: `sudo systemctl restart rsyslog`
Test logging with `logger -t test message`
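The `logger` test above reaches the server because `logger` defaults to priority `user.notice`, which the `user.notice` selector matches. The helpers below are an added example, not part of the original wiki: they check whether a given priority passes a client selector and compute the file that the server's `DynFile` template would write to. The function names are hypothetical, and only single-facility selectors of the form used on this page are handled.

```shell
#!/bin/sh
# Added example: helpers for checking the client selector and the server
# file layout described on this page. Function names are hypothetical.

# Standard syslog severity numbers (lower number = more severe).
severity_code() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# would_forward SELECTOR PRIORITY
# Succeeds if a message logged at PRIORITY (facility.severity) matches a
# selector such as "user.notice" or "authpriv.*". A selector severity
# matches that severity and anything more severe.
would_forward() {
    wf_sel_fac=${1%%.*}; wf_sel_sev=${1#*.}
    wf_msg_fac=${2%%.*}; wf_msg_sev=${2#*.}
    [ "$wf_sel_fac" = "*" ] || [ "$wf_sel_fac" = "$wf_msg_fac" ] || return 1
    [ "$wf_sel_sev" = "*" ] && return 0
    wf_limit=$(severity_code "$wf_sel_sev") || return 2
    wf_level=$(severity_code "$wf_msg_sev") || return 2
    [ "$wf_level" -le "$wf_limit" ]
}

# dynfile_path HOST PROGRAM [YYYY-MM-DD]
# Expands the DynFile template. %$YEAR%, %$MONTH% and %$DAY% are the
# server's current date, so the default here is today's date.
dynfile_path() {
    df_day=${3:-$(date +%Y-%m-%d)}
    printf '/var/log/remote-syslog/%s/%s.%s.log\n' \
        "$1" "$(printf '%s' "$df_day" | sed 's/-/./g')" "$2"
}

# delivered HOST PROGRAM MARKER
# Run on the server: succeeds if MARKER is in today's file for HOST/PROGRAM.
delivered() {
    grep -qF -- "$3" "$(dynfile_path "$1" "$2")" 2>/dev/null
}

# Typical use (constructed host name and marker):
#   client:  logger -t test "marker-1234"
#   server:  delivered client01 test "marker-1234" && echo received
```

A message sent with `logger -p user.info` would not show up on the server, because `info` is less severe than the selector's `notice`.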
Client Add Authpriv messages
Linux Client
Edit `/etc/rsyslog.d/file` and add the following line.
`authpriv.* @172.16.50.5`
Vyos Client
configure
set system syslog host 172.16.50.5 facility authpriv level info
commit
save