Rsyslog: Difference between revisions
[[Category:Linux]]
Setting up Syslog Server in Ubuntu:
__TOC__
<br />
Rsyslog is installed by default on the latest Ubuntu Server.
Install it if it is not already installed:
sudo apt-get install rsyslog
Edit the Rsyslog config file
$InputTCPServerRun 514
Restart rsyslog service
sudo service rsyslog restart
Verify that the server is listening on this port
netstat -an | grep 514
Check the configuration for syntax errors
sudo rsyslogd -N1
*On the Client Machine:
sudo nano /etc/rsyslog.d/50-default.conf
*Add the following line at the top of the file, before the '''log by facility''' section:
/etc/rsyslog.d/50-default.conf
*.* @10.107.88.93:514
*In case you want only certain syslog alerts to be logged to the remote server:
auth,authpriv.* @10.107.88.93:514
*Settings for when the Rsyslog server is down:
$ActionQueueFileName queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*Restart rsyslog service
sudo service rsyslog restart
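A check for the client configuration above, as an added example that is not part of the original page: it parses a legacy-format rsyslog file and reports forwarding actions that use UDP (a single <code>@</code>) or that have no queue settings in effect. It relies on rsyslog's rule that <code>$Action...</code> directives apply to the next action in the file; <code>audit</code> and the sample strings are hypothetical names constructed here, and only plain <code>@host:port</code> targets are modelled.

```python
import re

# Legacy forwarding target: "@host[:port]" is UDP, "@@host[:port]" is TCP.
FORWARD = re.compile(r"^(@{1,2})([^:\s]+)(?::(\d+))?$")
# Per-action legacy directives; rsyslog binds them to the NEXT action in the file.
DIRECTIVE = re.compile(r"^\$(ActionQueue\w+|ActionResumeRetryCount)\s+(\S+)$", re.I)

def audit(conf_text):
    """Return (forwards, findings) for a legacy-format rsyslog client config."""
    pending, forwards, findings = {}, [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        d = DIRECTIVE.match(line)
        if d:
            pending[d.group(1).lower()] = d.group(2)
            continue
        parts = line.split(None, 1)
        if line.startswith("$") or len(parts) < 2:
            continue  # global directive or syntax this sketch does not model
        # Any action (file, forward, ...) consumes the pending settings.
        settings, pending = pending, {}
        m = FORWARD.match(parts[1].strip())
        if not m:
            continue
        proto = "tcp" if m.group(1) == "@@" else "udp"
        forwards.append({"line": lineno, "selector": parts[0], "proto": proto,
                         "host": m.group(2), "port": int(m.group(3) or 514),
                         "queue": settings})
        if proto == "udp":
            findings.append(f"line {lineno}: single @ forwards over UDP; @@ selects TCP")
        if "actionqueuetype" not in settings:
            findings.append(f"line {lineno}: no $ActionQueueType set before this action")
    if pending:
        findings.append("queue directives after the last action are not applied to it")
    return forwards, findings

# Constructed samples (not from a real host), using the page's values.
QUEUE = ("$ActionQueueFileName queue\n$ActionQueueMaxDiskSpace 1g\n"
         "$ActionQueueSaveOnShutdown on\n$ActionQueueType LinkedList\n"
         "$ActionResumeRetryCount -1\n")
QUEUE_AFTER = "auth,authpriv.* @10.107.88.93:514\n" + QUEUE
QUEUE_BEFORE = QUEUE + "auth,authpriv.* @@10.107.88.93:514\n"

if __name__ == "__main__":
    for name, text in (("queue after", QUEUE_AFTER), ("queue before", QUEUE_BEFORE)):
        print(name, *audit(text), sep="\n  ")
```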
For verification, the commands below will generate a new syslog file:
logger "Hello World"
logger -p local4.info " This is a info message from local 4"
logger -t ScriptName "Hello World"
= Generate Syslog messages =
*Test UDP syslog messages on port 514 with the following command:
echo "<14>Test UDP syslog message" >> /dev/udp/<target_hostname_or_ip_address>/514
*Test TCP syslog messages on port 514 with the following command:
echo "<14>Test TCP syslog message" >> /dev/tcp/<target_hostname_or_ip_address>/514