RHCE Series: Remote Logging

I’ll be combining two objectives into one, as I feel that they are very closely related.

  • Configure a system to log to a remote system.
  • Configure a system to accept logging from a remote system.

 

To configure a system to log to a remote system, you'll need to configure your rsyslog.conf to send local logs to a remote server, which is the last highlighted option from the rsyslog.conf:

*.* @@192.168.0.1:514 

To make the server accept logs from a remote device, you'll need to uncomment one or both of the first two highlighted options. Generally, remote syslogging works on udp 514, so usually just uncommenting:

 

will usually work. Making changes to the rsyslog.conf requires a restart of the rsyslogd service

service rsyslog restart

You will also need to be sure to open the firewall

iptables -A INPUT -p udp --dport 514 -j ACCEPT
iptables -A INPUT -p tcp --dport 514 -j ACCEPT
service iptables save

October 25, 2012

Posted In: Linux, Logging, Remote Logging, RHCE Study Notes