{"id":94,"date":"2017-10-24T09:54:00","date_gmt":"2017-10-24T09:54:00","guid":{"rendered":"https:\/\/linuxadmin.melberi.com\/uncategorized\/rsyslog-remote-login-configuration"},"modified":"2017-10-24T11:43:14","modified_gmt":"2017-10-24T11:43:14","slug":"rsyslog-remote-login-configuration","status":"publish","type":"post","link":"https:\/\/www.melberi.com\/linuxadmin\/rsyslog\/rsyslog-remote-login-configuration","title":{"rendered":"rsyslog Remote Login Configuration Guide with Example iptables"},"content":{"rendered":"

rsyslog Remote Login Configuration<\/u><\/b>:<\/h2>\n

1. On the Client System:<\/u><\/b><\/p>\n

# yum install rsyslog<\/b><\/div>\n

Add the following lint (server ip, port) in the existing config file.
\n#vim \/etc\/rsyslog.conf<\/p>\n

*.* @masterserverip:514\u00a0\u00a0\u00a0\u00a0 (Enables UDP forwarding)
\n*.* @@masterserverip:514\u00a0\u00a0\u00a0\u00a0 (Enables TCP forwarding, You can use any one protocol )<\/div>\n

 <\/p>\n

#service rsyslog restart<\/b><\/div>\n

Example Client Server rsyslog.conf file:<\/b><\/u><\/p>\n

$ModLoad imuxsock.so<\/div>\n
$ModLoad imklog.so<\/div>\n
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat<\/div>\n
<\/div>\n
*.* @masterserverip:514<\/div>\n
<\/div>\n
*.info;mail.none;authpriv.none;cron.none \/var\/log\/messages<\/div>\n
authpriv.* \/var\/log\/secure<\/div>\n
mail.* -\/var\/log\/maillog<\/div>\n
cron.* \/var\/log\/cron<\/div>\n
*.emerg *<\/div>\n
uucp,news.crit \/var\/log\/spooler<\/div>\n
local7.* \/var\/log\/boot.log<\/div>\n

2. Rsyslog Master Log Server Configuration:<\/b><\/u><\/p>\n

# yum install rsyslog\u00a0 rsyslog-mysql<\/b><\/div>\n

#vim \/etc\/rsyslog.conf<\/p>\n

Example Log Server Config File:<\/b><\/u><\/p>\n

# Add your Client server IP or IP Range<\/div>\n
$AllowedSender UDP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
$AllowedSender TCP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
<\/div>\n
$ModLoad imuxsock.so<\/div>\n
$ModLoad imklog.so<\/div>\n
$ModLoad immark.so<\/div>\n
<\/div>\n
# Provides UDP syslog reception<\/div>\n
$ModLoad imudp.so<\/div>\n
$UDPServerRun 514<\/div>\n
<\/div>\n
# Provides TCP syslog reception<\/div>\n
$ModLoad imtcp.so<\/div>\n
$InputTCPServerRun 514<\/div>\n
<\/div>\n
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat<\/div>\n
<\/div>\n
*.info;mail.none;authpriv.none;cron.none \/var\/log\/messages<\/div>\n
authpriv.* \/var\/log\/secure<\/div>\n
mail.* -\/var\/log\/maillog<\/div>\n
cron.* \/var\/log\/cron<\/div>\n
*.emerg *<\/div>\n
uucp,news.crit \/var\/log\/spooler<\/div>\n
local7.* \/var\/log\/boot.log<\/div>\n

Save the file and restart the service<\/p>\n

#service rsyslog restart<\/b><\/div>\n

3. If you want to use different <\/b><\/u>template <\/b><\/u>and log the<\/b><\/u> <\/b><\/u>different server logs in to different directory<\/b>.<\/u>
\nyou can add the following in the rsyslog.conf file<\/p>\n

Example File 1(Dynamic Logfile):<\/b><\/u><\/p>\n

# Add your Client server IP or IP Range<\/div>\n
$AllowedSender UDP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
$AllowedSender TCP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
<\/div>\n
$ModLoad imuxsock.so<\/div>\n
$ModLoad imklog.so<\/div>\n
$ModLoad immark.so<\/div>\n
<\/div>\n
# Provides UDP syslog reception<\/div>\n
$ModLoad imudp.so<\/div>\n
$UDPServerRun 514<\/div>\n
<\/div>\n
# Provides TCP syslog reception<\/div>\n
$ModLoad imtcp.so<\/div>\n
$InputTCPServerRun 514<\/div>\n
<\/div>\n
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat<\/div>\n

$template DynFile,”\/var\/log\/%HOSTNAME%\/%programname%.log”
*.* ?DynFile<\/b><\/p>\n

Example File 2 (Manual User Defined Log Files):<\/b><\/u><\/p>\n

# Add your Client server IP or IP Range<\/div>\n
$AllowedSender UDP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
$AllowedSender TCP, 127.0.0.1, 10.5.0.0\/16, 192.168.1.0\/24<\/div>\n
<\/div>\n
$ModLoad imuxsock.so<\/div>\n
$ModLoad imklog.so<\/div>\n
$ModLoad immark.so<\/div>\n
<\/div>\n
# Provides UDP syslog reception<\/div>\n
$ModLoad imudp.so<\/div>\n
$UDPServerRun 514<\/div>\n
<\/div>\n
# Provides TCP syslog reception<\/div>\n
$ModLoad imtcp.so<\/div>\n
$InputTCPServerRun 514<\/div>\n
<\/div>\n
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat<\/div>\n
<\/div>\n
$template Auth, “\/var\/log\/%HOSTNAME%\/secure.log”<\/div>\n
<\/div>\n
# Log anything (except mail and cron) of level info or higher.<\/div>\n
$template MSG, “\/var\/log\/%HOSTNAME%\/messages”<\/div>\n
<\/div>\n
# Log all the mail messages in one place.<\/div>\n
$template mail, “\/var\/log\/%HOSTNAME%\/maillog”<\/div>\n
<\/div>\n
# Log cron stuff<\/div>\n
$template cron, “\/var\/log\/%HOSTNAME%\/cron”<\/div>\n
<\/div>\n
# Save news errors of level crit and higher in a special file.<\/div>\n
$template spool, “\/var\/log\/%HOSTNAME%\/spooler”<\/div>\n
<\/div>\n
# Save boot messages also to boot.log<\/div>\n
$template boot, “\/var\/log\/%HOSTNAME%\/boot.log”<\/div>\n
<\/div>\n
# Save kern messages also to console<\/div>\n
$template kern, “\/var\/log\/%HOSTNAME%\/kernal”<\/div>\n
<\/div>\n
# Everybody gets emergency messages<\/div>\n
$template emerg, “\/var\/log\/%HOSTNAME%\/emerg”<\/div>\n
<\/div>\n
#Save doemon message in daemon.log<\/div>\n
$template daemon, “\/var\/log\/%HOSTNAME%\/daemon.log”<\/div>\n
<\/div>\n
#Save news message in news.log<\/div>\n
$template news, “\/var\/log\/%HOSTNAME%\/news.log”<\/div>\n
<\/div>\n
#Save User log messages<\/div>\n
$template user, “\/var\/log\/%HOSTNAME%\/user.log”<\/div>\n
<\/div>\n
#Save Wrapper messages<\/div>\n
$template local, “\/var\/log\/%HOSTNAME%\/tcpwrapper.log”<\/div>\n
<\/div>\n
#Save dmesg message<\/div>\n
$template all, “\/var\/log\/%HOSTNAME%\/all”<\/div>\n
<\/div>\n
authpriv.* ?Auth<\/div>\n
*.info,mail.none,authpriv.none,cron.none ?MSG<\/div>\n
mail.* ?mail<\/div>\n
cron.* ?cron<\/div>\n
news.crit ?spool<\/div>\n
local7.* ?boot<\/div>\n
kern.* ?kern<\/div>\n
*.emerg ?emerg<\/div>\n
user.* ?user<\/div>\n
daemon.*,daemon,daemon.notice,daemon.err ?daemon<\/div>\n
news.* ?news<\/div>\n
*.* ?all<\/div>\n

4. If you want to save the log file in to cacti syslog mysql database<\/b><\/u><\/p>\n

Add the following lined at the end of rsyslog.conf<\/p>\n

$ModLoad ommysql<\/div>\n
$template cacti_syslog,”INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, ‘%timereported:::date-mysql%’, ‘%timereported:::date-mysql%’, ‘%HOSTNAME%’, ‘%msg%’)”, SQL<\/div>\n
*.* \u00a0\u00a0\u00a0 >dbserverip,db_name,db_username,db_password;cacti_syslog<\/div>\n

5. IP Tables Config:<\/b><\/u>
\nadd the following port in the \/etc\/sysconfig\/iptables file ( This is only required in the syslog server)<\/p>\n

-A INPUT -p udp -m udp –dport 514 -j ACCEPT<\/div>\n

Or for TCP<\/p>\n

-A INPUT -p tcp -m tcp –dport 514 -j ACCEPT<\/div>\n","protected":false},"excerpt":{"rendered":"

rsyslog Remote Login Configuration: 1. On the Client System: # yum install rsyslog Add the following lint (server ip, port) in the existing config file. #vim \/etc\/rsyslog.conf *.* @masterserverip:514\u00a0\u00a0\u00a0\u00a0 (Enables… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[132],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/94"}],"collection":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/comments?post=94"}],"version-history":[{"count":4,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/94\/revisions"}],"predecessor-version":[{"id":767,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/posts\/94\/revisions\/767"}],"wp:attachment":[{"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/media?parent=94"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/categories?post=94"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.melberi.com\/linuxadmin\/wp-json\/wp\/v2\/tags?post=94"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}