
Setup syslog server on Ubuntu or CentOS for Centralized Logs management



  1. LinuxTechLAB.com Setup syslog server on Ubuntu or CentOS for Centralized Logs management

  2. Checking logs is an important way to see what’s happening on your Linux servers, especially when you are trying to locate an issue. It is easy when you are managing just 2 or 3 servers, but what do you do when you are handling 50 or 100 servers? That’s when centralized log management comes into the picture.

     We can sync all the Linux server logs (auth logs, cron logs, syslogs, etc.) to a single Linux server, so that the logs of all the servers, whether 1 or 100, are available in one place. When we need to check logs, we just log in to that single server. This is also useful when you don’t plan to give everyone access to the servers themselves: we can give access to the centralized log server only, and they can see the logs from that single machine.

     In this tutorial, we will learn to set up the Syslog server on CentOS and Ubuntu machines for centralized log management. This setup can be used for even hundreds of servers, but for the purpose of this tutorial we will be using only two servers:

     1- Centralized log server or main server
     2- A client-server

     Let’s start with the setup of the Syslog server on the main server.

     Setup Syslog server on the Ubuntu/CentOS server (Centralized logs server)

     Firstly, we need to install the rsyslog service on our system. This can be installed using the following command,

         # yum install rsyslog -y

     For Ubuntu machines, use the following command,

  3.     $ sudo apt install rsyslog -y

     Once the package has been installed, we can start configuring the rsyslog service using its configuration file,

         # vim /etc/rsyslog.conf

     Look for the following lines and uncomment them, so that they look like this,

         # Provides UDP syslog reception
         $ModLoad imudp
         $UDPServerRun 514

     Similarly, look for these lines and uncomment them as well,

         # Provides TCP syslog reception
         $ModLoad imtcp
         $InputTCPServerRun 514

     Now save the file and exit. Next, we need to restart the rsyslog service to implement the changes,

         # systemctl restart rsyslog

     We have now enabled port 514 on both TCP and UDP; this port will be used to receive the logs from all the servers. Next, we will move to our client-server.

     Setup Syslog server on Client machines (Ubuntu/CentOS)

     The configuration that we are about to make can be applied on all the clients that we have. We will start by installing rsyslog on the client machines,

         # yum install rsyslog -y

     For Ubuntu machines, use the following command,

         $ sudo apt install rsyslog -y

     Now open the rsyslog configuration file to make the changes,

         # vim /etc/rsyslog.conf

     Now at the end of the file, add the following lines,

  4.     cron.none;*.info;mail.none;authpriv.none @10.10.10.10:514

     Now save the file and exit. Here we have specified the logs that are to be sent to the centralized log server, followed by the centralized log server’s IP address and port number.

     To implement the changes made on the client machines, we need to restart the rsyslog service,

         # systemctl restart rsyslog

     That’s it; all the specified logs will now be sent to the centralized log server, and a local copy will also be kept.

     Checking the logs of servers

     Log in to your centralized log server, i.e. the main server, and go to the log folder,

         # cd /var/log

     Here, we can see all the logs in the file named ‘messages’,

         # tail -f /var/log/messages

     That’s it, this completes our tutorial on how to set up a Syslog server for centralized log management on Ubuntu and CentOS servers. If you are facing any issues while setting this up or have any other questions regarding this tutorial, you can contact us using the comment box below.
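As a check on the configuration above, here is an added example (not part of the original presentation) that reads legacy-format rsyslog configuration and reports which listeners are active and which transport each forwarding rule uses: in rsyslog a single `@` forwards over UDP and `@@` over TCP, so the client line shown in the tutorial sends over UDP. The function and sample names are hypothetical, and the sample input is constructed from the lines in the tutorial.

```shell
#!/bin/sh
# Added example: summarise listeners and forwarding rules found in
# legacy-format rsyslog configuration read from stdin.
# Output, one line per active (uncommented) setting:
#   listen  <udp|tcp> <port>
#   forward <udp|tcp> <host> <port> <selector>
audit_rsyslog() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $1 == "$UDPServerRun"      { print "listen udp", $2; next }
        $1 == "$InputTCPServerRun" { print "listen tcp", $2; next }
        # Forwarding action: selector, then @host[:port] for UDP
        # or @@host[:port] for TCP. The default port is 514.
        NF >= 2 && $NF ~ /^@@?[^@]/ {
            target = $NF
            proto = (target ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", target)
            port = 514
            if (target ~ /:[0-9]+$/) {
                port = target
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print "forward", proto, target, port, $1
        }
    '
}

# Constructed sample input, copied from the lines shown in the tutorial.
sample_server() {
    cat <<'EOF'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
EOF
}

sample_client() {
    cat <<'EOF'
cron.none;*.info;mail.none;authpriv.none @10.10.10.10:514
EOF
}

sample_server | audit_rsyslog
sample_client | audit_rsyslog
```

On a real host, run `audit_rsyslog < /etc/rsyslog.conf` on the server and on each client to confirm that the transport the clients forward over matches a listener enabled on the server.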
