Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how to configure Rsyslog in CentOS8". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope this article "how to configure Rsyslog in CentOS8" can help you solve the problem.

Rsyslog is a multithreaded enhancement of syslogd. It provides high performance, excellent security features and modular design. Although it is based on regular syslogd, rsyslog has evolved into a powerful tool for receiving inputs from various sources, transforming them, and outputting results to different destinations.

Pre-condition

We will set up the following experimental environment to test the centralized logging process:

Rsyslog server CentOS 8 Minimal IP address: 10.128.0.47 client system RHEL 8 Minimal IP address: 10.128.0.48 through the above settings, we will demonstrate how to set up a Rsyslog server, and then configure the client system to send logs to the Rsyslog server for monitoring.

Let's start! Configure a Rsyslog server on CentOS 8

By default, Rsyslog is installed on a CentOS 8 / RHEL 8 server. To verify the status of Rsyslog, log in through SSH and run the following command:

$systemctl status rsyslog

Sample output:

If for some reason Rsyslog does not exist, you can install it using the following command:

$sudo yum install rsyslog

Next, you need to modify some settings in the Rsyslog configuration file. Open the configuration file:

$sudo vim / etc/rsyslog.conf

Scroll and uncomment the following line to allow logs to be received through the UDP protocol:

Module (load= "imudp") # needs to be done just onceinput (type= "imudp" port= "514")

Similarly, if you want to enable TCP rsyslog reception, uncomment the following line:

Module (load= "imtcp") # needs to be done just onceinput (type= "imtcp" port= "514")

Save and exit the configuration file. To receive logs from the client system, we need to open Rsyslog default port 514 on the firewall. To do this, run:

# sudo firewall-cmd-add-port=514/tcp-zone=public-permanent

Next, reload the firewall to save the changes:

# sudo firewall-cmd-reload

Sample output:

How to configure Rsyslog Server in CentOS8/RHEL8 how to configure Rsyslog Server in CentOS8/RHEL8

Next, restart the Rsyslog server:

$sudo systemctl restart rsyslog

To run Rsyslog at startup, run the following command:

$sudo systemctl enable rsyslog

To confirm that the Rsyslog server is listening on port 514, use the netstat command, as follows:

$sudo netstat-pnltu

Sample output:

Perfect! We have successfully configured the Rsyslog server to receive logs from the client system.

To view log messages in real time, run the following command:

$tail-f / var/log/messages

Now start configuring the client system.

Configure the client system on RHEL 8

Like the Rsyslog server, log in and check if the rsyslog daemon is running with the following command:

$sudo systemctl status rsyslog

Sample output:

Next, open the rsyslog configuration file:

$sudo vim / etc/rsyslog.conf

At the end of the file, add the following line:

*. * @ 10.128.0.47 Use 514 # Use @ for UDP protocol*.* @ @ 10.128.0.47 Use @ @ for TCP protocol

Save and exit the configuration file. Just like the Rsyslog server, open port 514, which is the default Rsyslog port on the firewall:

$sudo firewall-cmd-add-port=514/tcp-zone=public-permanent

Next, reload the firewall to save the changes:

$sudo firewall-cmd-reload

Next, restart the rsyslog service:

$sudo systemctl restart rsyslog

To run Rsyslog at startup, run the following command:

$sudo systemctl enable rsyslog test logging operation

Once you have successfully installed and configured the Rsyslog server and client, it is time to verify that your configuration is working as expected.

On the client system, run the following command:

# logger "Hello guys! This is our first log"

Now go to the Rsyslog server and run the following command to view the log messages in real time:

# tail-f / var/log/messages

The output of the command run on the client system is displayed in the log of the Rsyslog server, which means that the Rsyslog server is receiving logs from the client system:

That's it! We successfully set up the Rsyslog server to receive log information from the client system.

This is the end of the introduction on "how to configure Rsyslog in CentOS8". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.