Network Security Wiki

Rsyslog

Revision as of 17:41, 15 July 2017 by Amanjosan2008 (talk | contribs) (Created page with "Setting up Syslog Server in Ubuntu: Rsyslog will be installed by default in Latest Ubuntu server: Edit the Rsyslog config file sudo nano /etc/rsyslog.conf # provides UDP...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Setting up Syslog Server in Ubuntu:

Rsyslog will be installed by default in Latest Ubuntu server:

Edit the Rsyslog config file 

sudo nano /etc/rsyslog.conf

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

sudo service rsyslog restart

netstat -an | grep 514

To validate your rsyslog configuration file: 

sudo rsyslogd -N1

On the Client Machine: 

sudo nano /etc/rsyslog.d/50-default.conf

Add the following line at the top of the file before the log by facility section, replacing private_ip_of_ryslog_server with the private IP of your centralized server: 

/etc/rsyslog.d/50-default.conf

*.*                         @private_ip_of_ryslog_server:514

sudo service rsyslog restart

Logger

Retrieved from "https://aman.awiki.org/wiki/Rsyslog?oldid=1554"