As Linux Admin you may need an easy solution to keep track of log files in many servers from central location and save it centrally , and it is easy in Linux , Let’s do it ..
01. Install Packages on server/client:
It is the same package on server and clients (do next steps on both server and clients):
yum -y install rsyslog systemctl start rsyslog systemctl enable rsyslog
02. Configure Server:
vim /etc/rsyslog.conf
and Uncomment the following 4 lines (remove # from lines), so it will look like that:
# Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514
Restart service to reread configuration:
systemctl restart rsyslog
- Configure Firewall on Server:
firewall-cmd --permanent --add-port=514/tcp firewall-cmd --permanent --add-port=514/udp firewall-cmd --reload
03. Configure Clients:
vim /etc/rsyslog.conf
append the following line:
# allow specific log with specific level: log.level;log2.level @log_server_IP *.info;mail.none;authpriv.none;cron.none @192.168.1.10 # OR to send all logs to centralized server comment the above line and Uncomment the following: # *.* @192.168.1.10
systemctl restart rsyslog
04. Test:
on server watch log messages:
tail -f /var/log/messages
on client log a test message using logger command:
logger hello this a client log message
You should see “hello this a client log message” as log message with client name and date, That is it.
Enjoy !.