We need to configure two machines:
1. Server machine - a centralised log server where all the logs are stored.
2. Client machine - a machine that sends its logs to the log server.
Server side configuration:
1. Open /etc/rsyslog.conf and find the "ModLoad" lines in the 'MODULES' section.
2. If you want to receive the logs by UDP, uncomment the following lines so that they read:
$ModLoad imudp
$UDPServerRun 514
3. If you want to receive the logs by TCP, uncomment the following lines (remove the leading #):
#$ModLoad imtcp
#$InputTCPServerRun 514
Note: 514 is the port number.
4. Edit the /etc/default/rsyslog file and set RSYSLOGD_OPTIONS="-r -x -c1"
Note: -r <- Allows remote systems to log their entries on the server machine
-x <- Disables DNS lookups on messages received with -r
-c1 or -c2 <- Compatibility mode (must not be -c3 or -c4, because a compatibility mode greater than 2 does not allow remote logging)
4.1 Restart rsyslog with $ sudo /etc/init.d/rsyslog restart
4.2 Now move to the client side configuration. After the configuration is finished, restart /etc/init.d/rsyslog there as well.
Remote logs now start being recorded on the log server machine. You can verify them with $ tail /var/log/auth.log (switch user on the client machine and check that the event was logged in auth.log).
If remote logging does not work, also do the following steps on the log server machine.
5. Open and edit the /etc/default/syslogd file and set SYSLOGD as follows: SYSLOGD="-r -m 0"
Now repeat steps 4.1 & 4.2.
6. Open and edit the /etc/init.d/rsyslog file and change RSYSLOGD_OPTIONS to RSYSLOGD_OPTIONS="-r", then repeat steps 4.1 & 4.2.
Client side configuration:
1. Back up the /etc/rsyslog.conf file under another name, say $ mv /etc/rsyslog.conf /etc/rsyslog.conf.bak
2. Create a new /etc/rsyslog.conf file with the following content.
*.*
That's it.. :)
Note: The Linux distro I am using is BOSS-4.0 (Debian-based Linux).
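A fuller configuration for both machines, as an added example that is not part of the original post: it restricts which hosts the server accepts messages from, keeps remote entries in per-host files, and shows a client forwarding rule. The addresses (192.0.2.0/24, 192.0.2.10), the /var/log/remote path and the template name PerHostFile are assumptions chosen for illustration.

```conf
# ---- Server: /etc/rsyslog.conf (legacy directive style, as used above) ----
$ModLoad imudp
$ModLoad imtcp

# Accept remote messages only from localhost and the client subnet.
# 192.0.2.0/24 is a constructed value; use your own client network.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24
$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24

# Listeners on port 514 (enable only the protocol you actually use).
$UDPServerRun 514
$InputTCPServerRun 514

# Write messages from remote hosts to one directory per sending host,
# so client entries are not mixed into the server's own /var/log/auth.log.
# PerHostFile and /var/log/remote are hypothetical names.
$template PerHostFile,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?PerHostFile
# Stop processing remote messages after they have been written above.
& ~

# ---- Client: /etc/rsyslog.conf ----
# Forward every facility and priority to the log server.
# 192.0.2.10 is a placeholder for the server's address.
# A single "@" sends over UDP; "@@" sends over TCP.
*.* @@192.0.2.10:514
```

After restarting rsyslog on both machines, running logger "remote logging test" on the client should produce an entry under the per-host directory on the server.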