Rsyslog

Setting up Syslog Server in Ubuntu:

Rsyslog will be installed by default in Latest Ubuntu server:

Edit the Rsyslog config file sudo nano /etc/rsyslog.conf

$ModLoad imudp $UDPServerRun 514
 * 1) provides UDP syslog reception

$ModLoad imtcp $InputTCPServerRun 514
 * 1) provides TCP syslog reception

sudo service rsyslog restart

netstat -an | grep 514

To validate your rsyslog configuration file: sudo rsyslogd -N1

On the Client Machine:

sudo nano /etc/rsyslog.d/50-default.conf

Add the following line at the top of the file before the log by facility section, replacing private_ip_of_ryslog_server with the private IP of your centralized server: /etc/rsyslog.d/50-default.conf

*.*                        @private_ip_of_ryslog_server:514

sudo service rsyslog restart

Logger