Remote rsyslog on Linux

In order to log data from a remote machine to a central server you will need to perform the following to the central server.

vi /etc/rsyslog.conf

Then add/uncomment the following lines

$AllowedSender UDP, 192.168.64.1
#$AllowedSender TCP, 192.168.64.0

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerAddress 192.168.64.100
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514

Note I have left TCP logging disabled in the example above.

then restart rsyslog
service rsyslog restart

You can route the logs to specific logfiles which I might add in the future should I ever need to do it.
I do not have instructions here for the remote client as I did not require that either.

Tags: , ,

Leave a Reply