How to Configure Syslog Client on the NetFoundry Ubuntu VM

This guide provides basic instructions for configuring the NetFoundry VM as an rsyslog client that ships system logs to a remote syslog server.

 

The NetFoundry Ubuntu VM comes with rsyslog already installed and running. To enable it to send logs to a remote system, create a configuration file and place it in the appropriate directory.

 

The basic syntax for a rule that ships logs to a remote server:

For a remote listening on UDP:

{filter} @{host name of remote}:{port}

For a remote listening on TCP:

{filter} @@{host name of remote}:{port}

 

An example that ships all logs to a TCP-enabled syslog server at the IP 192.168.1.100 over port 514:

*.* @@192.168.1.100:514

An example that ships authentication logs to a UDP-enabled syslog server located at myserver.com over port 514 (the default when no port is given):

auth,authpriv.* @myserver.com

 

Create a configuration file with a .conf extension and put your custom configuration in it:

/etc/rsyslog.d/01-custom.conf

The simplest configuration sends all the default logs to a server. To do this, use the @ or @@ syntax for the server and write a single line into the configuration file, replacing the <> variables with the appropriate information. In this case, the TCP option (@@) is used. The line is written through sudo tee because files under /etc/rsyslog.d are owned by root.

echo "*.* @@<SERVER IP>:<PORT>" | sudo tee -a /etc/rsyslog.d/01-custom.conf

Once the file is in place, restart the rsyslog service for the new configuration to take effect.

sudo systemctl restart rsyslog

To verify that the connection is up, use the netstat command to check for an established connection to the remote log server.

netstat -nap | grep <SERVER IP>
tcp 0 0 <LOCAL IP>:<LOCAL PORT> <SERVER IP>:<PORT> ESTABLISHED -
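
If no TCP connection shows up, the rule may have been written with a single @ (UDP) instead of @@ (TCP). The following shell function is an added example, not part of the original article or of NetFoundry's tooling; it lists every forwarding rule in a configuration with its transport, host and port. The names sample_rules and describe_forwarding are hypothetical, and the sample rules are constructed from the examples above.

```sh
#!/bin/sh
# Added example (not NetFoundry's code): report the transport, host and port
# of every forwarding rule in an rsyslog configuration read from stdin.

# Constructed sample input: the two example rules from this article plus a
# local-file rule that must be ignored.
sample_rules() {
    cat <<'EOF'
# constructed sample of /etc/rsyslog.d/01-custom.conf
*.* @@192.168.1.100:514
auth,authpriv.* @myserver.com
*.*;auth,authpriv.none -/var/log/syslog
EOF
}

# Prints "<selector> <transport> <host> <port>" per forwarding rule.
# Handles the plain host[:port] form shown in this article only.
describe_forwarding() {
    while read -r selector target _rest; do
        case $selector in
            ''|'#'*|'$'*) continue ;;   # blank line, comment, legacy directive
        esac
        case $target in
            @@*) transport=tcp; target=${target#"@@"} ;;   # double @ = TCP
            @*)  transport=udp; target=${target#"@"} ;;    # single @ = UDP
            *)   continue ;;                               # local file, pipe, ...
        esac
        case $target in
            *:*) host=${target%%:*}; port=${target##*:} ;;
            *)   host=$target; port=514 ;;                 # rsyslog default port
        esac
        printf '%s %s %s %s\n' "$selector" "$transport" "$host" "$port"
    done
}

sample_rules | describe_forwarding
```

To check the real file, run describe_forwarding < /etc/rsyslog.d/01-custom.conf and confirm the transport column matches what the remote server listens on.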

To learn more about rsyslog configuration, run the following command in an SSH session on the NetFoundry VM:

man rsyslog.conf

 

To learn more about rsyslog, visit the website https://www.rsyslog.com/

 

 

 

 

 
