14.4. Configure rsyslog on Individual Nodes

⁠14.4. Configure rsyslog on Individual Nodes

Apply the steps listed in this procedure to each of your systems to configure them to send logs to a centralized log server. All steps listed in this procedure must be performed while logged in as the root user.

⁠

Procedure 14.2. Configuring a node to send logs to a centralized log server

Edit the /etc/rsyslog.conf, and specify the address of your centralized log server by adding the following:
```
*.*   @YOURSERVERADDRESS:YOURSERVERPORT
```
Replace YOURSERVERADDRESS with the address of the centralized logging server. Replace YOURSERVERPORT with the port on which the rsyslog service is listening. For example:
```
*.*   @192.168.20.254:514
```
Or:
```
*.*   @log-server.company.com:514
```
The single @ specifies the UDP protocol for transmission. Use a double @@ to specify the TCP protocol for transmission.
Important
The use of the wildcard * character in these example configurations indicates to rsyslog that log entries from all log facilities and of all log priorities must be sent to the remote rsyslog server.
For information on applying more precise filtering of log files refer to the manual page for the rsyslog configuration file, rsyslog.conf. Access the manual page by running the command man rsyslog.conf.

Once the rsyslog service is started or restarted the system will send all log messages to the centralized logging server.