CentOS Linux Centralized Logging Server

As a Linux admin, you may need an easy way to keep track of log files from many servers and store them in one central location. This is easy to do on Linux, so let's do it.

01. Install Packages on server/client:

The package is the same on the server and the clients, so run the following steps on both:

 yum -y install rsyslog
 systemctl start rsyslog
 systemctl enable rsyslog

02. Configure Server:

vim /etc/rsyslog.conf

Uncomment the following 4 lines (remove the leading # from each line) so that they look like this:

# Provides UDP syslog reception
 $ModLoad imudp
 $UDPServerRun 514

# Provides TCP syslog reception
 $ModLoad imtcp
 $InputTCPServerRun 514

Restart the service to reread the configuration:

systemctl restart rsyslog

  • Configure Firewall on Server:

 firewall-cmd --permanent --add-port=514/tcp
 firewall-cmd --permanent --add-port=514/udp
 firewall-cmd --reload

03. Configure Clients:

vim /etc/rsyslog.conf

Append the following line:

# Forward specific logs at specific levels: log.level;log2.level @log_server_IP

*.info;mail.none;authpriv.none;cron.none   @192.168.1.10

# OR, to send all logs to the centralized server, comment out the line above and uncomment the following:

# *.* @192.168.1.10

Restart the service to reread the configuration:

systemctl restart rsyslog

04. Test:

On the server, watch the log messages:

tail -f /var/log/messages

On a client, log a test message using the logger command:

logger hello this a client log message

You should see “hello this a client log message” on the server as a log message with the client name and date. That is it.
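
Added example (not part of the original tutorial): a shell check for the client rules from step 03. It reports each active forwarding rule's transport (a single @ forwards over UDP, @@ over TCP) and flags selectors containing authpriv.none, which keep authentication messages off the central server. The function names, the finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit forwarding rules written in the legacy
# "selector @host" syntax used in step 03. Reads rsyslog.conf text on stdin
# and prints one line per active rule: <transport> <target> <findings>

audit_forwarding() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
    $1 ~ /^\$/           { next }      # $ModLoad-style directives
    {
        selector = $1; action = $2
        if (action ~ /^@@/) {          # @@host = forward over TCP
            proto = "tcp"; target = substr(action, 3)
        } else if (action ~ /^@/) {    # @host = forward over UDP
            proto = "udp"; target = substr(action, 2)
        } else {
            next                       # local file or other action
        }
        notes = ""
        # UDP syslog has no delivery guarantee: messages can be dropped silently.
        if (proto == "udp") notes = notes " udp-unreliable"
        # authpriv.none keeps authentication messages off the central server.
        if (index(";" selector ";", ";authpriv.none;")) notes = notes " authpriv-excluded"
        if (notes == "") notes = " ok"
        print proto, target, substr(notes, 2)
    }'
}

# Constructed sample: the client rules from step 03 plus a TCP variant.
sample_client_conf() {
    cat <<'EOF'
# allow specific log with specific level
*.info;mail.none;authpriv.none;cron.none   @192.168.1.10
# *.* @192.168.1.10
*.* @@192.168.1.10:514
authpriv.*   /var/log/secure
EOF
}

# Run against the sample; on a real client use:
#   audit_forwarding < /etc/rsyslog.conf
sample_client_conf | audit_forwarding
```

With the first selector from step 03, the test message still arrives, but login and other authpriv messages never reach the server; the commented-out `*.*` rule forwards them as well.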

Enjoy!
