rsyslog - tmansfield42/Tech-Journal GitHub Wiki

This entry describes how to install an rsyslog client and server.

It is in step-by-step format, starting with the rsyslog server.

Server

Step 1: Configure the firewall to allow UDP & TCP traffic through port 514

firewall-cmd --add-port=514/tcp --permanent

firewall-cmd --add-port=514/udp --permanent

firewall-cmd --reload

firewall-cmd --list-all

Step 2: Install rsyslog if it isn't running

systemctl status rsyslog

yum install -y rsyslog

Step 3: Edit the config file

sudo nano /etc/rsyslog.conf

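Uncomment the input(type="imtcp" port="514") line and its UDP counterpart (imudp), together with the module load line above each, so that both TCP and UDP are enabled.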

Step 4: Confirm that it is running

netstat -tupan | grep 514

Client

Step 1: Confirm that rsyslog is installed; if not, install it

sudo yum install rsyslog

Step 2: Add a custom config

sudo nano /etc/rsyslog.d/sec350.conf

Add the following line, where the IP is the rsyslog server:

user.notice @172.16.50.0.5

systemctl restart rsyslog

Step 3: Test to see if rsyslog Client & Server are working properly

logger -t test testphrasegoeshere

On the rsyslog server:

sudo tail -f /var/log/messages
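
For the forwarding rule added in Client Step 2, here is an added example (not part of the original wiki entry): a POSIX shell check that reports whether a rule forwards over UDP (@) or TCP (@@) and rejects a malformed IPv4 target before rsyslog is restarted. The function names and the 192.0.2.x addresses are constructed for illustration, and it assumes targets are IPv4 literals as on this page.

```sh
#!/bin/sh
# Added example: lint "selector @target" forwarding rules before restarting rsyslog.
# Assumption: targets are IPv4 literals, as on this page (rsyslog also accepts hostnames).

valid_ipv4() {
    # Accept exactly four dot-separated decimal octets, each 0-255.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

check_forward_rule() {
    # Prints "proto host port" for a valid rule; returns 1 for a bad target,
    # 2 if the line is not a forwarding rule at all.
    target=$(printf '%s' "$1" | tr '\t' ' ')
    target=${target##* }
    case $target in
        @@*) proto=tcp; dest=${target#@@} ;;   # @@ forwards over TCP
        @*)  proto=udp; dest=${target#@} ;;    # @ forwards over UDP
        *)   return 2 ;;
    esac
    case $dest in
        *:*) host=${dest%%:*}; port=${dest##*:} ;;
        *)   host=$dest; port=514 ;;           # rsyslog's default port
    esac
    valid_ipv4 "$host" || return 1
    echo "$proto $host $port"
}

# Constructed sample rules; the last repeats the five-octet target typed in Step 2.
while IFS= read -r rule; do
    if result=$(check_forward_rule "$rule"); then
        echo "OK   $rule -> $result"
    else
        echo "BAD  $rule"
    fi
done <<'EOF'
user.notice @192.0.2.10
user.notice @@192.0.2.10:514
user.notice @172.16.50.0.5
EOF
```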