DokuWiki » Infrastructure » Operating System » CentOS 6

How to setup a remote syslog server in CentOS 6

By jbmurphy on March 23, 2012 in Cisco, Linux 

I wanted to have a cisco device send it’s logs to a Centos box for troubleshooting. I just wanted to do a “tail -f” against the error logs. Seems that syslog is now rsyslog in Centos 6. To setup rsyslog to accept syslog logs from other devices, you need to:

1. uncomment out the following lines (not the description lines, the ones that start with “$”)

<pre><code class="bash">

# Provides UDP syslog reception

$ModLoad imudp.so

$UDPServerRun 514

# Provides TCP syslog reception

$ModLoad imtcp.so

$InputTCPServerRun 514

</code></pre>

2. Add a line or two like these below to say where you want the logs written:

<pre><code class="bash">

:fromhost-ip,startswith,’192.168.1.’ /var/log/remote.log

& ~

:fromhost-ip,isequal,”192.168.1.33? /var/log/servername.log

& ~

</code></pre>

3. service restart rsyslogd

4. add a hole in iptables for 514 (UDP and TCP)

<pre><code class="bash">

-A INPUT -m state –state NEW -m udp -p udp –dport 514 -j ACCEPT

-A INPUT -m state –state NEW -m tcp -p tcp –dport 514 -j ACCEPT

</code></pre>

5. service iptables restart

6. create a new logrotate.d config file in /etc/logrotate.d:

<pre><code class="bash">

/var/log/remote.log

{

daily

rotate 5

missingok

notifempty

sharedscripts

postrotate

/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

endscript

}

</code></pre>

Test from a remote machine via

<pre><code class="bash">

echo '<13> Can you hear me now?' | nc -w 3 -v -u 10.3.120.38 514

</code></pre>

Details on syslog-format

[[http://www.dl8rds.de/index.php/Arduino_Syslog_Client_Library]]