rsyslog_central_loghost
This is an old revision of the document!
rsyslog - central loghost
- Open tcp and udp port 514. Edit /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
- Reload iptables.
service iptables reload
- Configure SELinux to allow remote logging over tcp.
semanage port -m -t syslogd_port_t -p tcp 514
- Create rsyslog config /etc/rsyslog.d/loghost.conf
# Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 # Do not store loghost logs in remote directory :hostname, !isequal, "loghost" ~ $template FILE. "/var/log/remote/%HOSTNAME$.log" *.* ?FILE
- Restart rsyslog service.
service rsyslog restart
rsyslog_central_loghost.1403634901.txt.gz · Last modified: 2014/06/24 18:35 by admin