How to Install and Configure Rsyslog Server on Red Hat Enterprise Linux 9

Hi folks, today we are discussing an important topic. If you have hundreds of servers in your network, checking the logs of each machine is a complex and lengthy process. A syslog server is used for this purpose: it centralizes the logs of the different servers.

In this tutorial, we are demonstrating the installation and configuration of rsyslog server on Red Hat Enterprise Linux 9.

Prerequisites

  • Two RHEL 9 machines (server and client)
  • Root account or an account with sudo privileges
  • Server and client are on the same network and can ping each other

Install rsyslog packages on server machine

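Fire up the terminal and install the rsyslog-related packages on the server machine. Execute the following. The pattern is quoted so that the shell passes it to yum unchanged.

yum install 'rsyslog*' -y

Open the configuration file located at /etc/rsyslog.conf and uncomment the four lines that load the imudp and imtcp modules and define their inputs on port 514 (they are listed in the Conclusion).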

Restart the rsyslog service. The command doesn’t print any output.

systemctl restart rsyslog

You can check the status of rsyslog with the command below.

systemctl status rsyslog

The output should show that the service is up and running.

Now enable this service permanently.

systemctl enable rsyslog

Configure the firewall and add the following rules.

firewall-cmd --permanent --add-port=514/tcp
firewall-cmd --permanent --add-port=514/udp

After adding the rules, reload the firewall.

firewall-cmd --reload

We are done with the configuration of the rsyslog server machine. Let’s move forward to the client machine configuration.

Configure Red Hat Enterprise Linux 9 client machine

Open the configuration file located at /etc/rsyslog.conf and add an entry for the rsyslog server so that the client machine can send its logs to it.

nano /etc/rsyslog.conf

Add the entry as follows.

*.* @<IP address of Rsyslog server>

Restart the rsyslog service

After making changes to the configuration file, restart the rsyslog service on client machine.

systemctl restart rsyslog

Verify the rsyslog service

It is now time to verify all of the steps we have done on our server and client machine.

Create a user tedd on the client machine.

adduser tedd

Assign any temporary password.

passwd tedd

Our passwords do not match. We did this intentionally to create an entry in the log.

Go to rsyslog server and check the following file.

nano /var/log/secure

You should see the entry of user tedd.
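
An added example, not part of the original tutorial: a shell check that reports which of the four listener lines are still commented out in a server config and which transport each client forwarding rule uses (in rsyslog's legacy syntax a single @ forwards over UDP, @@ over TCP). The function names, sample configs and 192.0.2.x addresses are constructed for illustration; on a real host, point the functions at /etc/rsyslog.conf.

```shell
# Added example, not part of the tutorial: audit rsyslog configs before a restart.

# Print each of the four listener directives the tutorial uncomments that is
# still missing or commented out in the server config ($1); nothing if all are active.
missing_listeners() {
    for proto in imudp imtcp; do
        grep -Eq "^[[:space:]]*module\(load=\"$proto\"\)" "$1" ||
            echo "module(load=\"$proto\")"
        grep -Eq "^[[:space:]]*input\(type=\"$proto\"[[:space:]]+port=\"514\"\)" "$1" ||
            echo "input(type=\"$proto\" port=\"514\")"
    done
}

# List active forwarding rules in a client config ($1) as "<transport> <selector> <target>".
# In rsyslog's legacy syntax, @host forwards over UDP and @@host over TCP.
forward_targets() {
    awk '$1 !~ /^#/ && $2 ~ /^@/ {
        target = $2
        proto = (target ~ /^@@/) ? "tcp" : "udp"
        sub(/^@+/, "", target)
        print proto, $1, target
    }' "$1"
}

# Constructed sample configs; the 192.0.2.x documentation addresses are assumptions.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/server.conf" <<'EOF'
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
module(load="imtcp")
#input(type="imtcp" port="514")
EOF
cat > "$demo/client.conf" <<'EOF'
#*.* @@192.0.2.99
*.* @192.0.2.10
authpriv.* @@192.0.2.10:514
EOF

echo "Server directives still inactive:"
missing_listeners "$demo/server.conf"
echo "Client forwarding rules:"
forward_targets "$demo/client.conf"
```

rsyslogd -N1 additionally checks the configuration for syntax errors without starting the daemon.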

Conclusion

You need to set up the rsyslog server on the server machine and then edit the configuration file on the server. Uncomment the four lines module(load="imudp"), input(type="imudp" port="514"), module(load="imtcp"), and input(type="imtcp" port="514"). Add the rules in the firewall to allow the TCP and UDP ports for rsyslog. On the client machine, specify the IP of the rsyslog server and the logs you would like to send to the server.