rsyslog - stereoboy/Study GitHub Wiki

References

• How to Set Up Centralized Logging on Linux with Rsyslog

  • https://betterstack.com/community/guides/logging/how-to-configure-centralised-rsyslog-server

• How to use rsyslog to create a Linux log aggregation server

  • https://www.redhat.com/sysadmin/log-aggregation-rsyslog

• How to Set Up Remote Logging on Linux Using rsyslog

  • https://www.makeuseof.com/set-up-linux-remote-logging-using-rsyslog/

Remote Logging by rsyslog

• Server

diff --color -u /etc/rsyslog.conf.backup /etc/rsyslog.conf
--- /etc/rsyslog.conf.backup    2023-05-02 15:13:07.041065544 +0900
+++ /etc/rsyslog.conf   2023-05-02 15:06:57.386996661 +0900
@@ -5,6 +5,9 @@
 #
 # Default logging rules can be found in /etc/rsyslog.d/50-default.conf
 
+$template RemoteLogs,"/var/log/%HOSTNAME%/syslog.log"
+*.* ?RemoteLogs
+& ~
 
 #################
 #### MODULES ####
@@ -18,8 +21,8 @@
 #input(type="imudp" port="514")
 
 # provides TCP syslog reception
-#module(load="imtcp")
-#input(type="imtcp" port="514")
+module(load="imtcp")
+input(type="imtcp" port="514")
 
 # provides kernel logging support and enable non-kernel klog messages
 module(load="imklog" permitnonkernelfacility="on")

• Client

diff --color -u /etc/rsyslog.d/50-default.conf.backup /etc/rsyslog.d/50-default.conf
--- /etc/rsyslog.d/50-default.conf.backup       2023-05-02 15:20:37.133938207 +0900
+++ /etc/rsyslog.d/50-default.conf      2023-05-02 14:04:14.482988039 +0900
@@ -2,6 +2,7 @@
 #
 #                      For more information see rsyslog.conf(5) and /etc/rsyslog.conf
 
+*.* @@54.193.231.0:514
 #
 # First some standard log files.  Log by facility.
 #