Today we will look at how to set up centralized log management for Linux servers with rsyslog, so that the logs of many servers land in one place. The Linux admin no longer has to log in to each server to check its logs; a single login to the central log server is enough to monitor all of them.
Syslog labels every message with a facility (auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, syslog, user, local0 to local7, etc.) that indicates the kind of software that generated the message, and with a severity (emerg, alert, crit, err, warning, notice, info, debug). On the wire both are packed into one number, the PRI value, which is what rsyslog uses to route and file each message.
You can find more information on message facilities and severity levels in RFC 5424, section 6.2.1, which defines the PRI field and its facility and severity tables.
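To make the labelling concrete, the following added example (not code from the article) decodes the PRI prefix that every syslog message carries on the wire: PRI = facility * 8 + severity, using the RFC 5424 numbering. The three sample log lines are constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Decode a syslog PRI value (the <N> prefix on the wire) into its
# facility and severity names. PRI = facility * 8 + severity (RFC 5424).
# Added example for this article; the sample lines below are constructed.

facility_name() {
    case "$1" in
        0) echo kern ;;     1) echo user ;;      2) echo mail ;;
        3) echo daemon ;;   4) echo auth ;;      5) echo syslog ;;
        6) echo lpr ;;      7) echo news ;;      8) echo uucp ;;
        9) echo cron ;;     10) echo authpriv ;; 11) echo ftp ;;
        16) echo local0 ;;  17) echo local1 ;;   18) echo local2 ;;
        19) echo local3 ;;  20) echo local4 ;;   21) echo local5 ;;
        22) echo local6 ;;  23) echo local7 ;;
        *) echo "unknown($1)" ;;
    esac
}

severity_name() {
    case "$1" in
        0) echo emerg ;;   1) echo alert ;;  2) echo crit ;; 3) echo err ;;
        4) echo warning ;; 5) echo notice ;; 6) echo info ;; 7) echo debug ;;
        *) echo "unknown($1)" ;;
    esac
}

# decode_pri N -> "facility.severity", e.g. 34 -> auth.crit.
# Anything that is not a number in 0..191 is rejected, as RFC 5424 requires.
decode_pri() {
    pri=$1
    case "$pri" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$pri" -gt 191 ]; then echo "invalid"; return 1; fi
    echo "$(facility_name $((pri / 8))).$(severity_name $((pri % 8)))"
}

# decode_line "<N>rest" -> "facility.severity rest"; lines without a PRI
# prefix (or with a bad one) are reported and return non-zero.
decode_line() {
    line=$1
    case "$line" in
        \<*\>*) ;;
        *) echo "no PRI: $line"; return 1 ;;
    esac
    pri=${line#<}; pri=${pri%%>*}
    rest=${line#*>}
    label=$(decode_pri "$pri") || { echo "bad PRI: $line"; return 1; }
    echo "$label $rest"
}

# Constructed sample lines (not from a real host).
decode_line '<34>Oct 11 22:14:15 web01 su: pam_unix(su:auth): authentication failure'
decode_line '<78>Oct 11 22:15:01 web01 CROND[1234]: (root) CMD (run-parts /etc/cron.hourly)'
decode_line '<13>Oct 11 22:16:00 web01 app: user alice logged in'
```

The first sample decodes to auth.crit, the second to cron.info and the third to user.notice; these are exactly the facility.severity selectors that rsyslog rules such as `auth.*` or `*.crit` match on, so a wrong PRI from a misbehaving client silently lands in the wrong file.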
Make sure you have the following before setting up the log server.
Two Linux servers (one to act as the central log server and one as the client).
Install the rsyslog package on both machines if it is not already installed, then open the main configuration file on the server.
[root@server ~]# yum -y install rsyslog
[root@server ~]# vi /etc/rsyslog.conf
Uncomment the following lines in the server configuration so that rsyslog listens for incoming messages on TCP and UDP port 514.
Once the client is configured to forward its messages to the server, every log message is sent to the central server, while rsyslog on the client still keeps its local copy.
Firewall Port opening (Optional):
Most production environments are protected by a hardware firewall; ask the network team to open TCP and UDP port 514 from the clients to the log server.
If iptables is enabled on the log server, run the following commands so that it accepts incoming traffic on UDP and TCP port 514. Restrict the source to the client subnet rather than opening the port to any address, otherwise anyone who can reach the server can flood it or inject forged log lines.
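The whole procedure above (server listeners, client forwarding, firewall rules) as one added example script; this is not code from the article or from the rsyslog project. It assumes rsyslog's legacy `$`-directive syntax, that `/etc/rsyslog.conf` already contains `$IncludeConfig /etc/rsyslog.d/*.conf` (the RHEL/CentOS default), and that all clients live in one subnet. The directory and the dry-run switch (`RSYSLOG_D`, `DRY_RUN`), the file names `10-listen.conf` and `90-forward.conf`, and the `/var/log/remote` layout are choices made for this example.

```shell
#!/bin/sh
# Added example for this article (not rsyslog project code): writes the
# server listener config, the client forwarding config, and the iptables
# rules for port 514. Assumes legacy rsyslog syntax and that
# /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf. RSYSLOG_D and DRY_RUN
# are parameters so the script can be exercised without touching /etc or
# a live firewall.

RSYSLOG_D=${RSYSLOG_D:-/etc/rsyslog.d}
DRY_RUN=${DRY_RUN:-0}

# run CMD ...: execute CMD, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Server: load the UDP and TCP input modules (the listener lines the
# article asks you to uncomment), listen on 514, and file each remote
# host's messages under its own directory. The "& ~" line discards the
# remote messages after they are written, so they do not also end up in
# the server's own /var/log/messages.
write_server_conf() {
    cat > "$RSYSLOG_D/10-listen.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$template RemoteHost,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteHost
& ~
EOF
}

# Client: forward everything to the server over TCP ("@@"; a single "@"
# would be UDP, which is lossy and trivially spoofed), with a disk-assisted
# queue so messages survive a server outage. The default rules in
# /etc/rsyslog.conf still run, so the client keeps its local copies.
write_client_conf() {
    server=$1
    [ -n "$server" ] || { echo "usage: write_client_conf <log-server>" >&2; return 1; }
    {
        cat <<'EOF'
$ActionQueueType LinkedList
$ActionQueueFileName fwdq
$ActionQueueMaxDiskSpace 100m
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
EOF
        echo "*.* @@${server}:514"
    } > "$RSYSLOG_D/90-forward.conf"
}

# Firewall: accept 514/udp and 514/tcp, but only from the client subnet.
open_firewall() {
    clients=$1
    case "$clients" in
        */*) ;;
        *) echo "open_firewall: expected a CIDR such as 10.0.0.0/24" >&2; return 1 ;;
    esac
    for proto in udp tcp; do
        run iptables -I INPUT -p "$proto" -s "$clients" --dport 514 -j ACCEPT
    done
}

case "${1:-}" in
    server) write_server_conf && open_firewall "$2" ;;
    client) write_client_conf "$2" ;;
    "")     ;;   # no arguments: only define the functions
    *)      echo "usage: $0 server <client-cidr> | client <log-server>" >&2; exit 2 ;;
esac
```

Run it as `sh setup_syslog.sh server 10.0.0.0/24` on the log server and `sh setup_syslog.sh client logsrv.example.internal` on each client (hostname and subnet are placeholders), then restart rsyslog on both hosts and persist the firewall rules (on CentOS 6 that is `service rsyslog restart` and `service iptables save`). To check the path end to end, run `logger -t fwdtest "hello from $(hostname)"` on a client and look for `/var/log/remote/<client>/fwdtest.log` on the server. Note that neither TCP nor UDP syslog is authenticated or encrypted; if the log traffic crosses an untrusted network, rsyslog's TLS transport is the next step, which this article does not cover.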
2018-04-12 16:00:45 rsyslog and syslog in linux