14.3. Configure rsyslog on the Centralized Logging Server

The steps in this procedure must be followed on the system that you intend to use as your centralized logging server. All steps in this procedure must be run while logged in as the root user.

Procedure 14.1. Configuring rsyslog on the centralized logging server

  1. Configure SELinux to allow rsyslog traffic.
    # semanage port -a -t syslogd_port_t -p udp 514
  2. For Red Hat Enterprise Linux 6-based systems, configure the firewall to allow rsyslog traffic.
    1. Open the /etc/sysconfig/iptables file in a text editor.
    2. Add an INPUT rule allowing UDP traffic on port 514 to the file. The new rule must appear before any INPUT rules that REJECT traffic.
      -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
    3. Save the changes to the /etc/sysconfig/iptables file.
    4. Restart the iptables service for the firewall changes to take effect.
      # service iptables restart
    For Red Hat Enterprise Linux 7-based systems, configure the firewall to allow rsyslog traffic. Add a rule allowing UDP traffic on port 514:
    # firewall-cmd --permanent --add-port=514/udp
    For the change to take immediate effect, add the rule to the runtime mode:
    # firewall-cmd --add-port=514/udp
  3. Open the /etc/rsyslog.conf file in a text editor.
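    1. Add these lines to the file, defining the location logs will be saved to:
      $template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
      # Assumption: TmplMsg is referenced below and needs a definition; this one reuses the TmplAuth path.
      $template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"

      authpriv.*   ?TmplAuth
      *.info;mail.none;authpriv.none;cron.none   ?TmplMsg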
    2. Remove the comment character (#) from the beginning of these lines in the file:
      #$ModLoad imudp
      #$UDPServerRun 514
    Save the changes to the /etc/rsyslog.conf file.
Your centralized log server is now configured to receive and store log files from the other systems in your environment.
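
A static check of the edited /etc/rsyslog.conf can catch a listener that is still commented out, a ?Template action with no matching $template line, or selectors joined with a comma. The script below is an added example, not part of the original procedure or of Red Hat's tooling; the function names check_rsyslog_conf and sample_conf are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Statically checks an rsyslog.conf
# written in the legacy directive syntax used in this procedure.
# check_rsyslog_conf FILE prints one line per problem and returns 0 only if clean.
check_rsyslog_conf() {
    awk '
        /^[ \t]*#/ { next }                                   # still commented out
        $1 == "$ModLoad" && $2 == "imudp"    { mod = 1 }
        $1 == "$UDPServerRun" && $2 == "514" { udp = 1 }
        $1 == "$template" { split($2, a, ","); defined[a[1]] = 1 }
        $1 !~ /^\$/ && $2 ~ /^\?/ {                           # selector ?Template
            used[substr($2, 2)] = 1
            if ($1 ~ /\.[A-Za-z*]+,/) badsel = 1              # "," after a priority
        }
        END {
            if (!mod) { print "imudp module not loaded"; n++ }
            if (!udp) { print "no UDP listener on port 514"; n++ }
            for (t in used) if (!(t in defined)) {
                print "template " t " used but never defined"; n++
            }
            if (badsel) { print "selectors joined with , instead of ;"; n++ }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample input: imudp is still commented out and TmplMsg has no
# $template definition.
sample_conf() {
    cat <<'EOF'
#$ModLoad imudp
$UDPServerRun 514
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.*   ?TmplAuth
*.info;mail.none;authpriv.none;cron.none   ?TmplMsg
EOF
}

# Usage: check_rsyslog_conf /etc/rsyslog.conf
```

The check only reads the file; it does not confirm that the daemon has loaded the configuration or that the port is reachable through the firewall.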