In this configuration guide, you will learn how to set up a central logging server in CentOS 7.
What is rsyslog?
rsyslog is responsible for log processing in CentOS 7. rsyslog is an abbreviation of ‘Rocket Fast System for Log processing’. rsyslog offers high performance, great security features and a modular design. It can accept input from a wide variety of sources, transform it and output the result to diverse destinations.
In this article, we will set up a central logging server using rsyslog on CentOS 7, and then configure CentOS 7 clients to submit their local logs to this rsyslog-based central logging server.
Environment Specification:
We are using two virtual machines, one as the rsyslog server and the other as the rsyslog client.
| | rsyslog Server | rsyslog Client |
| Hostname: | rsyslog-server.example.com | rsyslog-client.example.com |
| IP Address: | 192.168.113.10/24 | 192.168.113.11/24 |
| Operating System: | CentOS 7.6 | CentOS 7.6 |
Configure Central Logging Server in CentOS 7:
rsyslog is installed by default on most Linux distributions, including CentOS 7.
Connect to rsyslog-server.example.com and check the status of rsyslog.service.
# systemctl status rsyslog.service
rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
Active: active (running) since Sat 2018-08-11 21:15:52 PDT; 27min ago
Main PID: 759 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─759 /usr/sbin/rsyslogd -n
Aug 11 21:15:52 rsyslog-server.example.com systemd[1]: Started System Logging Serv...
Hint: Some lines were ellipsized, use -l to show in full.
rsyslog is already installed on our CentOS 7 server, and its service is already running.
Now configure rsyslog to accept input from other machines.
# vi /etc/rsyslog.conf
Find and uncomment the following two directives.
$ModLoad imtcp
$InputTCPServerRun 514
Save the settings and restart rsyslog.service.
# systemctl restart rsyslog.service
Allow the rsyslog service port through the Linux firewall.
# firewall-cmd --permanent --add-port=514/tcp
success
# firewall-cmd --reload
success
Our rsyslog server has been configured to receive input from other log sources via port 514/tcp.
Configuring rsyslog Client on CentOS 7:
Connect to rsyslog-client.example.com and check the status of rsyslog.service.
# systemctl status rsyslog.service
rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled)
Active: active (running) since Sun 2018-08-12 02:16:31 PDT; 4h 6min left
Main PID: 742 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─742 /usr/sbin/rsyslogd -n
Aug 12 02:16:31 rsyslog-client.example.com systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.
The rsyslog service is already installed and running on our CentOS 7 based client machine.
Now configure the rsyslog client to transmit its logs to our rsyslog server by adding the following directive to /etc/rsyslog.conf.
# echo "*.* @@rsyslog-server.example.com:514" >> /etc/rsyslog.conf
Restart rsyslog.service to apply the changes.
# systemctl restart rsyslog.service
Now connect to our rsyslog server and check /var/log/messages.
# tail /var/log/messages
Aug 11 22:31:28 rsyslog-server systemd: Closed ipa-otpd socket.
Aug 11 22:31:28 rsyslog-server systemd: Stopping 389 Directory Server EXAMPLE-COM....
Aug 11 22:31:29 rsyslog-server systemd: Stopped 389 Directory Server EXAMPLE-COM..
Aug 11 22:31:29 rsyslog-server systemd: Stopping 389 Directory Server.
Aug 11 22:31:29 rsyslog-server systemd: Stopped target 389 Directory Server.
Aug 11 22:33:32 rsyslog-client rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="3063" x-info="http://www.rsyslog.com"] start
Aug 11 22:33:32 rsyslog-client systemd: Stopping System Logging Service...
Aug 11 22:33:32 rsyslog-client systemd: Starting System Logging Service...
Aug 11 22:33:32 rsyslog-client systemd: Started System Logging Service.
Aug 11 22:33:56 rsyslog-client systemd-logind: Removed session 16.
We can see that rsyslog-client.example.com is forwarding its logs to rsyslog-server.example.com.
We have successfully configured a central logging server using rsyslog on CentOS 7.
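To confirm that both edits took effect without reading the whole file, the following added example (not part of the original guide) reads a legacy-syntax rsyslog.conf and reports the TCP listen port and each forwarding target, distinguishing `@` (UDP) from `@@` (TCP). The function names and the sample files are constructed for illustration; on a real host, pass /etc/rsyslog.conf to the functions.

```shell
#!/bin/sh
# Added example: audit a legacy-syntax rsyslog.conf for the settings this guide changes.

# Print the TCP port rsyslog listens on; print nothing if reception is disabled.
# Both "$ModLoad imtcp" and "$InputTCPServerRun <port>" must be uncommented.
tcp_listen_port() {
    awk '
        /^[ \t]*#/ { next }                              # skip commented-out lines
        $1 == "$ModLoad" && $2 == "imtcp" { loaded = 1 }
        $1 == "$InputTCPServerRun"        { port = $2 }
        END { if (loaded && port != "") print port }
    ' "$1"
}

# Print one "proto host port" line per active forwarding action.
# "@host" forwards over UDP, "@@host" over TCP; the port defaults to 514.
# Only plain host[:port] targets are handled (no IPv6 literals or options).
forward_targets() {
    awk '
        /^[ \t]*#/ { next }
        $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2; sub(/^@+/, "", target)
            n = split(target, parts, ":")
            port = (n > 1) ? parts[2] : 514
            print proto, parts[1], port
        }
    ' "$1"
}

# Constructed sample files standing in for /etc/rsyslog.conf on each host.
write_samples() {
    printf '%s\n' '$ModLoad imuxsock' '#$ModLoad imudp' '#$UDPServerRun 514' \
        '$ModLoad imtcp' '$InputTCPServerRun 514' \
        '*.info;mail.none;authpriv.none;cron.none /var/log/messages' > "$1/server.conf"
    printf '%s\n' '$ModLoad imuxsock' '#$ModLoad imtcp' '#$InputTCPServerRun 514' \
        '#*.* @@remote-host:514' \
        '*.* @@rsyslog-server.example.com:514' > "$1/client.conf"
}

# Demo run on the constructed samples.
dir=$(mktemp -d)
write_samples "$dir"
echo "server listens on tcp port: $(tcp_listen_port "$dir/server.conf")"
echo "client listens on tcp port: $(tcp_listen_port "$dir/client.conf")"
echo "client forwards to: $(forward_targets "$dir/client.conf")"
rm -rf "$dir"
```

An empty result from `tcp_listen_port` on the server means one of the two directives is still commented out, and an empty result from `forward_targets` on the client means no log forwarding is active.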
Conclusion:
In this configuration guide, you have learned how to set up a central logging server in CentOS 7.
Thanks for sharing.
You are Welcome.
Thanks, very clear