DEV Community

Cover image for Linux Automation - Centralized Logging
Hamed0406
Hamed0406

Posted on

Linux Automation - Centralized Logging

In this tutorial , I teach you how to use Rsyslog to configure central-log server on CentOS 7 / RHEL 7.
Why we need logging ?
To find out what's happing on the system/find proper solation to a problem .

All commands should be run as root user.

1- Configure Server side

To install Rsyslog package , if you don't have it :

yum -y install rsyslog

configurations file for syslog is located on /etc/rsyslog.conf .
Use your favorite file editor to edit rsyslog.conf and uncomment follows lines :

Provides UDP syslog receptio

$ModLoad imudp
$UDPServerRun 514

Restart the rsyslog service once your changes have been saved.

systemctl restart rsyslog

Verifying syslog server listening on the port 514

netstat -antup | grep 514

Output should be like this :

udp 0 0 0.0.0.0:514 0.0.0.0:* 1467/rsyslog
udp6 0 0 :::514 :::* 1467/rsyslogdd

If you have firewall on host server ,you need to enable inbound port 514/UDP

Enabling firewall inbound port TCP

firewall-cmd --permanent --add-port=514/tc
firewall-cmd --reloadp

Enabling firewall inbound port UDP

firewall-cmd --permanent --add-port=514/ud
firewall-cmd --reloadp

2- Configure client side

Install rsyslog package on client , if it is not installed .

configure client by editing /etc/rsyslog.conf by Add the following logging rule below the "RULES" line and restart the rsyslog service.
*.info,@NameOfYourServer/IPAdressFQDN
Restart the rsyslog service once your changes have been saved.
Now all log messages of info priority or higher appear in /var/log/messages on Log-server.
Thank you for reading and have happy coding.

Top comments (0)