14.3. Configure rsyslog on the Centralized Logging Server
The steps in this procedure must be followed on the system that you intend to use as your centralized logging server. All steps in this procedure must be run while logged in as the root user.
Procedure 14.1. Configuring rsyslog on the centralized logging server
- Configure SELinux to allow rsyslog traffic.
    # semanage port -a -t syslogd_port_t -p udp 514
- For Red Hat Enterprise Linux 6-based systems, configure the firewall to allow rsyslog traffic.
  - Open the /etc/sysconfig/iptables file in a text editor.
  - Add an INPUT rule allowing UDP traffic on port 514 to the file. The new rule must appear before any INPUT rules that REJECT traffic.
      -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
  - Save the changes to the /etc/sysconfig/iptables file.
  - Restart the iptables service for the firewall changes to take effect.
      # service iptables restart
  For Red Hat Enterprise Linux 7-based systems, configure the firewall to allow rsyslog traffic. Add a rule allowing UDP traffic on port 514:
      # firewall-cmd --permanent --add-port=514/udp
  For the change to take immediate effect, add the rule to the runtime mode:
      # firewall-cmd --add-port=514/udp
- Open the /etc/rsyslog.conf file in a text editor.
  - Add these lines to the file, defining the location logs will be saved to:
      $template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      # Assumption: TmplMsg is used below and is given the same path layout as TmplAuth.
      $template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      authpriv.*   ?TmplAuth
      *.info;mail.none;authpriv.none;cron.none   ?TmplMsg
  - Remove the comment character (#) from the beginning of these lines in the file:
      #$ModLoad imudp
      #$UDPServerRun 514
  Save the changes to the /etc/rsyslog.conf file.
Your centralized log server is now configured to receive and store log files from the other systems in your environment.
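
A quick way to confirm the /etc/rsyslog.conf edits from this procedure before restarting the service, as an added example that is not part of the original documentation: the script checks that the two UDP input directives are active and that every dynamic-file action (?Name) refers to a defined $template. The function name check_rsyslog_conf, the sample files, and the TmplMsg definition in the good sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: lint an rsyslog.conf against the edits in Procedure 14.1.
# check_rsyslog_conf is a hypothetical helper name, not an rsyslog tool.
check_rsyslog_conf() {
    rc=0
    # Keep only active directives: strip indentation, drop comments and blanks.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1")

    printf '%s\n' "$active" | grep -Eq '^\$ModLoad[[:space:]]+imudp([[:space:]]|$)' ||
        { echo 'FAIL: $ModLoad imudp is missing or still commented out'; rc=1; }
    printf '%s\n' "$active" | grep -Eq '^\$UDPServerRun[[:space:]]+514([[:space:]]|$)' ||
        { echo 'FAIL: $UDPServerRun 514 is missing or still commented out'; rc=1; }

    # Every dynamic-file action (?Name) must refer to a defined $template.
    defined=$(printf '%s\n' "$active" |
        sed -n 's/^\$template[[:space:]]\{1,\}\([A-Za-z0-9_]*\).*/\1/p')
    used=$(printf '%s\n' "$active" |
        sed -n 's/.*[[:space:]]?\([A-Za-z0-9_]\{1,\}\)[[:space:]]*$/\1/p' | sort -u)
    for name in $used; do
        printf '%s\n' "$defined" | grep -qx "$name" ||
            { echo "FAIL: ?$name is used but no \$template $name is defined"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
good=$tmp/good.conf bad=$tmp/bad.conf
cat > "$good" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.*   ?TmplAuth
*.info;mail.none;authpriv.none;cron.none   ?TmplMsg
EOF
cat > "$bad" <<'EOF'
#$ModLoad imudp
$UDPServerRun 514
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.*   ?TmplAuth
*.info;mail.none;authpriv.none;cron.none   ?TmplMsg
EOF

check_rsyslog_conf "$good" && echo "good.conf: OK"
check_rsyslog_conf "$bad" || echo "bad.conf: rejected"
```

On the server itself, pass /etc/rsyslog.conf as the argument; a non-zero exit status means at least one step of the procedure is incomplete.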