Rsyslog Server Setup

yum install -y rsyslog

vi /etc/rsyslog.conf
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# auto start
chkconfig rsyslog on
/etc/init.d/rsyslog start

# check router syslog traffic incoming
tcpdump -nvvX udp port 514 -s 1500

# Allow FW (rule goes into /etc/sysconfig/iptables)
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 514 -j ACCEPT
/etc/init.d/iptables restart

# enables logging from remote machines in config file.
vi /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-m 0 -r"

Install rsyslog

vi /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 192.168.1.0/24

# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template Remote,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%%$MONTH%%$DAY%.log"

# Log all messages to the dynamically formed file, then discard them ("& ~")
# so they are not also written to the local log files.
:fromhost-ip, isequal, "192.168.1.11" ?Remote
& ~
:fromhost-ip, isequal, "192.168.1.12" ?Remote
& ~

UDP syslog configuration

vi /etc/rsyslog.conf
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender TCP, 192.168.1.0/24

# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template Remote,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%%$MONTH%%$DAY%.log"

# Log all messages to the dynamically formed file, then discard them ("& ~")
# so they are not also written to the local log files.
:fromhost-ip, isequal, "192.168.1.11" ?Remote
& ~
:fromhost-ip, isequal, "192.168.1.12" ?Remote
& ~

TCP syslog configuration

# RELP input/output modules ship in a separate package
yum install rsyslog-relp -y

vi /etc/rsyslog.conf
# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 20514 # RELP port

# This one is the template to generate the log filename dynamically, depending on the client's IP address.
$template Remote,"/var/log/rsyslog/%$YEAR%%$MONTH%%$DAY%/%fromhost-ip%_%$YEAR%%$MONTH%%$DAY%.log"

# Log all messages to the dynamically formed file, then discard them ("& ~")
# so they are not also written to the local log files.
:fromhost-ip, isequal, "192.168.1.11" ?Remote
& ~
:fromhost-ip, isequal, "192.168.1.12" ?Remote
& ~

RELP configuration

## TCP or UDP syslog client
# a single "@" forwards over UDP; "@@192.168.1.100" forwards over TCP
*.* @192.168.1.100

## RELP syslog client
$ModLoad omrelp                # RELP output module (from rsyslog-relp)
$ActionQueueType LinkedList    # use asynchronous processing
$ActionQueueFileName srvrfwd   # set file name, also enables disk mode
$ActionResumeRetryCount -1     # infinite retries on insert failure
$ActionQueueSaveOnShutdown on  # save in-memory data if rsyslog shuts down
*.* :omrelp:192.168.1.100:20514

Client configuration
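The following is an added example, not part of the original page: a loopback demonstration in Python of the UDP exchange between the client's "*.* @192.168.1.100" action and the UDP server configuration above. The sender builds an RFC 3164 message, and the receiver imitates three things the server config does: the $AllowedSender subnet check, reading the <PRI> header into facility and severity, and rendering the "Remote" template path from %fromhost-ip% and the date. The router name, log text, timestamp and the use of an ephemeral 127.0.0.1 port instead of udp/514 are all constructed for the example.

```python
# Added example (not from the original page): loopback demonstration of the
# UDP syslog exchange configured above. All hosts, names, timestamps and log
# text are constructed; the listener uses an ephemeral port on 127.0.0.1 so
# it runs without privileges.
import datetime
import ipaddress
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LOCAL7 = 23  # facility many routers use by default; <PRI> = facility*8 + severity


def build_message(facility, severity, hostname, tag, text, when):
    """Client side: '<PRI>Mmm dd hh:mm:ss host tag: text' (RFC 3164 layout)."""
    pri = facility * 8 + severity
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {hostname} {tag}: {text}"


def parse_pri(line):
    """Server side: split the <PRI> header into (facility, severity, rest)."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> header")
    end = line.index(">")
    pri = int(line[1:end])
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8, line[end + 1:]


def allowed_sender(src_ip, networks=("192.168.1.0/24",)):
    """Equivalent of '$AllowedSender UDP, 192.168.1.0/24'."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def remote_template(fromhost_ip, when, base="/var/log/syslog"):
    """Render '%fromhost-ip%/%fromhost-ip%_%$YEAR%%$MONTH%%$DAY%.log'."""
    return f"{base}/{fromhost_ip}/{fromhost_ip}_{when:%Y%m%d}.log"


def handle_datagram(src_ip, payload, when, networks=("192.168.1.0/24",)):
    """Decide what the server does with one datagram.

    Returns None when the sender is outside the allowed subnet (dropped, as
    rsyslog does), else a dict with the parsed fields and the target file.
    The path is keyed on the socket source address, not on the hostname
    inside the message, which a client can set to anything.
    """
    if not allowed_sender(src_ip, networks):
        return None
    facility, severity, rest = parse_pri(payload)
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "message": rest,
        "path": remote_template(src_ip, when),
    }


def loopback_exchange(payload):
    """Send one datagram to a throwaway UDP listener; returns (source_ip, text)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind(("127.0.0.1", 0))  # port 0 = ephemeral, stands in for 514
        server.settimeout(2.0)
        client.sendto(payload.encode("utf-8"), server.getsockname())
        data, (src_ip, _port) = server.recvfrom(1500)  # same snaplen as tcpdump -s 1500
        return src_ip, data.decode("utf-8")
    finally:
        client.close()
        server.close()


# Constructed sample: a router config-change notice, local7.notice -> PRI 189
SAMPLE_WHEN = datetime.datetime(2007, 1, 2, 3, 4, 5)
SAMPLE_MESSAGE = build_message(
    LOCAL7, 5, "router1", "%SYS-5-CONFIG_I", "Configured from console", SAMPLE_WHEN
)

if __name__ == "__main__":
    src, text = loopback_exchange(SAMPLE_MESSAGE)
    print("received from", src, ":", text)
    # 127.0.0.1 is outside 192.168.1.0/24, so the server would drop it
    print("127.0.0.1 ->", handle_datagram(src, text, SAMPLE_WHEN))
    print("192.168.1.11 ->", handle_datagram("192.168.1.11", text, SAMPLE_WHEN))
```

Running it shows the datagram arriving from 127.0.0.1 and being dropped by the subnet check, and the same payload attributed to 192.168.1.11 landing in /var/log/syslog/192.168.1.11/192.168.1.11_20070102.log. This is also why the page's templates key on %fromhost-ip% rather than %HOSTNAME%: the source address comes from the network stack, while the hostname field is whatever the client wrote.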

Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.