Mel, https://unixcop.com
Unix/Linux Guru and FOSS supporter

How to Install Syslog Server and Client (CentOS 8)

What Is Syslog Server?

System log servers are used to collect syslog messages in a single location. A syslog server might be a physical server, a standalone virtual machine, or a software-based service.

Why Use Syslog?

With so much complex information produced by multiple applications and systems, administrators need a way to review the details, so they can understand the cause of problems or plan appropriately for the future.

Logs collected in syslog support this by:

  • Providing information needed to return the system to a prior status after a failure
  • Containing details of individual applications to allow teams to understand trends and troubleshoot problem areas
  • Monitoring applications without impacting performance by writing the information to external devices or services

The Environment

Two Linux servers (server and client):

  1. unixcopa server (syslog server) with IP 192.168.8.152
  2. unixcopb server (syslog client) with IP 192.168.8.11

How to Install Syslog Server

Install the rsyslog package on the syslog server in case the package doesn’t already exist.

dnf install -y rsyslog

After the installation succeeds, edit the /etc/rsyslog.conf file.

vi /etc/rsyslog.conf

Note:

Rsyslog supports both the UDP and TCP protocols for receiving logs. It is up to you to decide which protocol you want to use.

We will use TCP, the recommended protocol for reliable log delivery.

Uncomment the lines below:

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

Restart the syslog service

systemctl restart rsyslog

Allowing the service on the firewall

firewall-cmd --permanent --add-port=514/tcp

firewall-cmd --reload

Validation

You can use the netstat command with the options below:

netstat -tuplen |grep rsyslog

The server is now listening for clients.

How to Configure the client

Install the rsyslog package as we did on the server side.

dnf -y install rsyslog

After the installation succeeds, edit the /etc/rsyslog.conf file.

vi /etc/rsyslog.conf

Uncomment or add the line below:

action(type="omfwd" Target="192.168.8.152" Port="514" Protocol="tcp")

Finally, restart the rsyslog service:

systemctl restart rsyslog

All log messages are now sent to the central server, and a copy is still kept locally.
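The two configuration edits above can be checked with a small lint. This is an added example, not part of the original tutorial: the function names and the sample files are made up for illustration, and the sample contents are constructed from the configuration lines shown above.

```shell
#!/bin/sh
# Print FILE with comments and blank lines removed, so that commented-out
# directives are not mistaken for active ones.
active_lines() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Succeed if FILE loads imtcp and has an imtcp input on PORT.
has_tcp_listener() {    # usage: has_tcp_listener FILE PORT
    active_lines "$1" | grep -Eiq 'module\(.*load="imtcp"' &&
    active_lines "$1" | grep -Ei 'input\(.*type="imtcp"' |
        grep -Fiq "port=\"$2\""
}

# Print how FILE forwards to TARGET: tcp, udp or none.
# omfwd uses UDP when Protocol is absent; legacy "@@host" is TCP, "@host" is UDP.
forward_protocol() {    # usage: forward_protocol FILE TARGET
    conf=$(active_lines "$1")
    omfwd=$(printf '%s\n' "$conf" | grep -i 'type="omfwd"' |
        grep -Fi "target=\"$2\"") || true
    if printf '%s\n' "$omfwd" | grep -iq 'protocol="tcp"' ||
       printf '%s\n' "$conf" | grep -Fq "@@$2"; then
        echo tcp
    elif [ -n "$omfwd" ] || printf '%s\n' "$conf" | grep -Fq "@$2"; then
        echo udp
    else
        echo none
    fi
}

# Constructed sample configs (not taken from a real host).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/server.conf" <<'EOF'
# Provides TCP syslog reception
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
EOF
cat > "$SAMPLES/client.conf" <<'EOF'
action(type="omfwd" Target="192.168.8.152" Port="514" Protocol="tcp")
EOF
cat > "$SAMPLES/legacy.conf" <<'EOF'
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")
*.* @192.168.8.152:514
EOF

has_tcp_listener "$SAMPLES/server.conf" 514 && echo "server: imtcp input on 514"
echo "client forwards via: $(forward_protocol "$SAMPLES/client.conf" 192.168.8.152)"
echo "legacy forwards via: $(forward_protocol "$SAMPLES/legacy.conf" 192.168.8.152)"
```

On a real host, pass /etc/rsyslog.conf instead of the sample files; a result of udp on the client means the forward rule will not reach a server that only opened 514/tcp.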

Validation

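On the client side:

We can send a test message to the messages log through syslog. Piping the text to logger hands it to rsyslog, which writes it locally and forwards it; redirecting echo into /var/log/messages with > would overwrite the file and bypass rsyslog.

echo "welcome to unixcoba syslog tutorials" | logger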

On the server side:

Check the last logs received using the tail command as below:

tail -f /var/log/messages

The output of the echo command appears on the last line.

The same applies to the secure log file.

The logs of the client (unixcopb) appear on the server side.
