21.5. Remotely Logging Host Activities

21.5.1. Setting Up a Virtualization Host Logging Server
21.5.2. Configuring Red Hat Enterprise Virtualization Hypervisor Hosts to Use a Logging Server

21.5.1. Setting Up a Virtualization Host Logging Server

Summary
Red Hat Enterprise Virtualization hosts generate and update log files, recording their actions and problems. Collecting these log files centrally simplifies debugging.
This procedure should be used on your centralized log server. You could use a separate logging server, or use this procedure to enable host logging on the Red Hat Enterprise Virtualization Manager.

Procedure 21.1. Setting up a Virtualization Host Logging Server

  1. Configure SELinux to allow rsyslog traffic. 
    # semanage port -a -t syslogd_port_t -p udp 514
  2. Edit /etc/rsyslog.conf and add the following lines: 
    $template TmplAuth, "/var/log/%fromhost%/secure" 
$template TmplMsg, "/var/log/%fromhost%/messages" 

$RuleSet remote
authpriv.*   ?TmplAuth
*.info,mail.none;authpriv.none,cron.none   ?TmplMsg
$RuleSet RSYSLOG_DefaultRuleset
$InputUDPServerBindRuleset remote
    Uncomment the following: 
    #$ModLoad imudp
#$UDPServerRun 514
  3. Restart the rsyslog service: 
    # service rsyslog restart
Result
Your centralized log server is now configured to receive and store the messages and secure logs from your virtualization hosts.

21.5.2. Configuring Red Hat Enterprise Virtualization Hypervisor Hosts to Use a Logging Server

Summary
Red Hat Enterprise Virtualization hosts generate and update log files, recording their actions and problems. Collecting these log files centrally simplifies debugging.
Use this procedure on a Red Hat Enterprise Virtualization Hypervisor host to begin sending log files to your centralized log server.

Procedure 21.2. Configuring Red Hat Enterprise Virtualization Hypervisor Hosts to Use a Logging Server

  1. Log in to your Red Hat Enterprise Virtualization Hypervisor host as admin to access the Hypervisors text user interface (TUI) setup screen.
  2. Select Logging from the list of options on the left of the screen.
  3. Press the Tab key to reach the text entry fields. Enter the IP address or FQDN of your centralized log server and the port it uses.
  4. Press the Tab key to reach the Apply, and press the Enter Key.
Result
Your Red Hat Enterprise Virtualization Hypervisor host has been configured to send messages to a centralized log server.