Rsyslog is an open source tool that is widely used in Linux systems to forward or receive log messages through the TCP/UDP protocol. The Rsyslog daemon can be configured into two environments, one configured as a log collection server, and the Rsyslog process can collect log data from other hosts on the network, which configures the logs to be sent to another remote server. Another usage of rsyslog is that it can be configured as a client to filter and send internal log messages to a local folder (such as/var/log) or to a remote Rsyslog server that can be routed to.
Assuming you already have a Rsyslog server already configured and started on your network, this guide will show you how to set up a CentOS system to route its internal log messages to a remote Rsyslog server. This will greatly improve the use of your system's disk space, especially if you do not have a separate large partition for the/var directory.
650) this.width=650; "src=" Http://www.linuxidc.com/upload/2015_02/150206103327752.png "width=" "height=" 250 " Style= "border:0px;"/>
Step One: Install the Rsyslog daemon
On CentOS 6 and 7, the Rsyslog daemon has been pre-installed. To verify that the Rsyslog is installed on your CentOS system, perform the following command:
# Rpm-qa | grep rsyslog
# rsyslogd-v
650) this.width=650; "src=" http://www.linuxidc.com/upload/2015_02/150206103327751.jpg "width=" 581 "vspace=" 5 "style = "border:0px;"/>
If, for some reason, the Rsyslog daemon does not appear on your system, use the following command to install:
# yum Install Rsyslog
Step Two: Configure the Rsyslog daemon for the client
The next step is to turn your centos machine into a rsyslog client and send all of its internal log messages to the Remote central log server.
To do this, open the Rsyslog master profile in the/etc path using your favorite text editor:
# nano/etc/rsyslog.conf
After you open the file for editing, you need to add the following declaration to the bottom of the file. Replace the IP address with the IP address of your remote Rsyslog server.
*.* @ 192.168 . 1.25 : 514
The above statement tells the Rsyslog Daemon to route various log messages for various devices on the system to UDP port 514 on the remote Rsyslog Server (192.168.1.25).
If for some reason you need more reliable protocols, such as TCP, and the Rsyslog server is configured to listen for TCP connections, you must add an additional @ character to the IP address of the remote host, as follows:
*.* @@ 192.168 . 1.25 : 514
Note that you can also replace the IP address of the Rsyslog server with its host name (FQDN).
If you only want to forward the log messages for the specified device on the server, such as the kernel device, then you can use the following declaration in the Rsyslog configuration file.
Kern .* @ 192.168 . 1.25 : 514
After modifying the configuration file, you need to restart the process to activate the modification:
CentOS 7:
# systemctl Restart Rsyslog.service
CentOS 6:
# Service Rsyslog Restart
Forwarding of non-syslog logs
In another environment, let's assume that you've installed an application called "Foobar" on your machine that generates Foobar.log log files under/var/log. Now, you want to direct its logs to the Rsyslog server, which can be implemented by loading the Imfile module in the Rsyslog configuration file as follows.
First, load the Imfile module, which only needs to be done once.
Module (load="imfile"pollinginterval="5")
Then, specify the path to the log file so that the Imfile module can detect:
-
input ( type = "Imfile"
-
file = "/var/log/foobar.log"
-
tag = "Foobar"
-
severity = "error"
-
facility = "LOCAL7"
Finally, the directed LOCAL7 device to the remote Rsyslog server:
LOCAL7 .* @ 192.168 . 1.25 : 514
Don't forget to restart the Rsyslog process Oh!
Step three: Let the Rsyslog process start automatically
To have the Rsyslog client start automatically after each system restart, run the following command:
CentOS 7:
# Systemctl Enable Rsyslog.service
CentOS 6:
# Chkconfig Rsyslog on
Summary
In this tutorial, I demonstrated how to turn a CentOS system into a Rsyslog client to force it to send log messages to a remote Rsyslog server. Here I assume that the connection between the Rsyslog client and the server is secure (for example, in a corporate network with firewall protection). In any case, do not configure the Rsyslog client to forward the log message over an unsecured network, or, especially over the Internet, because the Syslog protocol is a plaintext protocol. For secure transport, consider using TLS/SSL to encrypt the transmission of log messages.
This article is from the "Dream to Reality" blog, please be sure to keep this source http://lookingdream.blog.51cto.com/5177800/1834622
Configure the Rsyslog client on CentOS to log logs remotely