This guide provides basic instructions on how to configure the NetFoundry VM as an rsyslog client to ship system logs to a remote syslog server.
The NetFoundry Ubuntu VM comes with rsyslog already installed and running. To enable it to send logs to a remote system we need to create a configuration file & place it in the appropriate directory.
The basic syntax for a configuration that ships logs to a remote server is:
For a remote listening on UDP:
{filter} @{host name of remote}:{port}
For a remote listening on TCP:
{filter} @@{host name of remote}:{port}
An example to ship all logs to a TCP-enabled syslog server at the IP 192.168.1.100 over port 514:
*.* @@192.168.1.100:514
An example to ship authentication logs to a UDP-enabled syslog server located at myserver.com over port 514 (the rsyslog default, so no port is given):
auth,authpriv.* @myserver.com
Please create a configuration file, ensuring it has a .conf extension & put your custom configuration within:
/etc/rsyslog.d/01-custom.conf
The simplest configuration is to send all the default logs to a server. To do this, use the @ or @@ syntax for the server and write a single line into the configuration file, replacing the <> variables with the appropriate information. In this case, the TCP option (@@) is used.
echo "*.* @@<SERVER IP>:<PORT>" | sudo tee -a /etc/rsyslog.d/01-custom.conf
Once the file is in place, restart the rsyslog service for the new configuration to take effect.
sudo systemctl restart rsyslog
To verify that the connection to the remote log server is up, you can use the netstat command.
netstat -nap | grep <SERVER IP>
tcp 0 0 <LOCAL IP>:<LOCAL PORT> <SERVER IP>:<PORT> ESTABLISHED -
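To review which logs a VM is set to forward, and over which transport, the forwarding lines can be listed from the configuration files. The script below is an added example, not part of the original guide or NetFoundry's tooling; it handles only the two forms shown above (@ for UDP, @@ for TCP), and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list remote destinations configured with the
# "{filter} @host:port" (UDP) / "{filter} @@host:port" (TCP) syntax.

# list_forwards: read rsyslog config text on stdin and print one line per
# forwarding rule as "<transport> <host> <port> <filter>".
list_forwards() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out rules
        NF >= 2 && $NF ~ /^@/ {
            target = $NF
            transport = "udp"
            if (target ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", target) }
            else                { sub(/^@/, "", target) }
            sub(/;.*$/, "", target)          # drop an optional ";template" suffix
            port = "514"                     # rsyslog default when no port is given
            host = target
            if (target ~ /:[0-9]+$/) {
                port = target; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            filter = $0
            sub(/[ \t]+@.*$/, "", filter)    # keep only the selector part
            sub(/^[ \t]+/, "", filter)
            print transport, host, port, filter
        }
    '
}

# Constructed sample input mirroring the examples in this guide.
sample_conf() {
    cat <<'EOF'
*.* @@192.168.1.100:514
auth,authpriv.* @myserver.com
#*.* @10.0.0.1:514
*.* /var/log/syslog
EOF
}

# With file arguments, audit those files; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    cat "$@" | list_forwards
else
    sample_conf | list_forwards
fi
```

Run it as `sh list_forwards.sh /etc/rsyslog.d/*.conf` (the script file name is an assumption) to audit the VM's own configuration; rules reported as udp are sent without delivery confirmation.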
To learn more about rsyslog configuration(s) you can use the following command while in an SSH session on the NetFoundry VM:
man rsyslog.conf
To learn more about rsyslog you can visit the website https://www.rsyslog.com/