Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace: rsyslog_central_loghost
rsyslog_central_loghost

This is an old revision of the document!

, , , ,

rsyslog - central loghost

  • Open tcp and udp port 514. Edit /etc/sysconfig/iptables 
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
  • Reload iptables. 
    service iptables reload
  • Configure SELinux to allow remote logging over tcp. 
    semanage port -m -t syslogd_port_t -p tcp 514
  • Create rsyslog config /etc/rsyslog.d/loghost.conf 
    # Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Do not store loghost logs in remote directory
:hostname, !isequal, "loghost"       ~

$template FILE. "/var/log/remote/%HOSTNAME$.log"
*.* ?FILE
  • Restart rsyslog service. 
    service rsyslog restart
rsyslog_central_loghost.1403634901.txt.gz · Last modified: 2014/06/24 18:35 by admin