Tuesday, December 28, 2010

System Configuration and Management -- Configure a system to log to a remote system

In prior releases of Red Hat, remote logging was configured via syslogd. In RHEL6, this is replaced with rsyslog.

The first step is to set up a remote server to receive the logging messages; http://www.rsyslog.com/receiving-messages-from-a-remote-system/ has a great walkthrough on setting this up.
  1. Edit /etc/rsyslog.conf and remove the # before the lines allowing syslog reception
    1. $ModLoad imudp.so
    2. $UDPServerRun 514
    3. $ModLoad imtcp.so
    4. $InputTCPServerRun 514
  2. Restart the rsyslog daemon - service rsyslog restart
  3. Open the firewall to allow syslog connections
    1. iptables -I INPUT -p tcp --dport 514 -j ACCEPT
    2. iptables -I INPUT -p udp --dport 514 -j ACCEPT
    3. iptables-save > /etc/sysconfig/iptables
The next step is to configure the local system to send messages; http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/ has a great walkthrough on setting this up.
  1. Edit /etc/rsyslog.conf and enter the below line (using the appropriate IP or DNS name)
    1. *.*   @@192.168.10.1:514
  2. Restart the rsyslog daemon - service rsyslog restart
Test the configuration by running logger -p warn foo. This will log a message in the local /var/log/messages and should log a similar message at the same location on the remote server.
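
A read-only check for the two edits above, as an added example (not from the original post or the rsyslog project): receiver_missing reports which of the four reception directives are still commented out, and forward_targets lists the active forwarding rules, labelling @@ as TCP and a single @ as UDP. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks of an rsyslog.conf against the steps above.

# active REGEX FILE: succeeds if an uncommented line consists of REGEX.
active() {
    grep -Eq "^[[:space:]]*$1[[:space:]]*\$" "$2"
}

# receiver_missing FILE: print the reception settings that are absent or still
# commented out; prints an empty line when all four are active.
receiver_missing() {
    missing=""
    active '\$ModLoad[[:space:]]+imudp(\.so)?'  "$1" || missing="$missing imudp"
    active '\$UDPServerRun[[:space:]]+514'      "$1" || missing="$missing udp514"
    active '\$ModLoad[[:space:]]+imtcp(\.so)?'  "$1" || missing="$missing imtcp"
    active '\$InputTCPServerRun[[:space:]]+514' "$1" || missing="$missing tcp514"
    echo "${missing# }"
}

# forward_targets FILE: print "tcp HOST:PORT" for each active @@ rule and
# "udp HOST:PORT" for each active single-@ rule; commented rules are skipped.
forward_targets() {
    sel='^[[:space:]]*[^#[:space:]][^[:space:]]*[[:space:]]+'
    sed -n -E \
        -e "s/${sel}@@([^[:space:]]+).*/tcp \1/p" \
        -e "s/${sel}@([^@[:space:]][^[:space:]]*).*/udp \1/p" "$1"
}

# Constructed sample config (not from a real host): UDP reception enabled,
# TCP reception still commented out, one active TCP forwarding rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$ModLoad imudp.so
$UDPServerRun 514
#$ModLoad imtcp.so
#$InputTCPServerRun 514
#*.* @@remote-host:514
*.*   @@192.168.10.1:514
EOF
echo "reception not enabled: $(receiver_missing "$sample")"
echo "forwarding to: $(forward_targets "$sample")"
rm -f "$sample"
```

Point the functions at /etc/rsyslog.conf on the receiver and the sender respectively before restarting the daemon.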
