Rsyslog
Setting up Syslog Server in Ubuntu:
Rsyslog will be installed by default in Latest Ubuntu server:
Edit the Rsyslog config file
sudo nano /etc/rsyslog.conf
# provides UDP syslog reception $ModLoad imudp $UDPServerRun 514
# provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514
sudo service rsyslog restart
netstat -an | grep 514
To validate your rsyslog configuration file:
sudo rsyslogd -N1
On the Client Machine:
sudo nano /etc/rsyslog.d/50-default.conf
Add the following line at the top of the file before the log by facility section, replacing private_ip_of_ryslog_server with the private IP of your centralized server:
/etc/rsyslog.d/50-default.conf
*.* @private_ip_of_ryslog_server:514
sudo service rsyslog restart
Logger