Installation and configuration of the log server

🗂️ Log Centralization with Rsyslog for Offtube (🧩 Debian Version)

🔍 What is rsyslog?
🧠 rsyslog is a powerful logging system for Unix/Linux systems, especially useful in offline environments like Offtube.

🧾 Advantages:

✅ Centralization of events from all machines
✅ Efficient diagnostics and maintenance
✅ Robust and free system
✅ Fully functional in LAN environments

🏗️ Centralized Architecture

 
[CLIENTS] --rsyslog--> [LOG SERVER] (Debian Server with rsyslog as receiver)

🛠️ 1️⃣ Log Server Configuration

📍 Operating System: Debian 12 (or 11)
📁 File to edit: /etc/rsyslog.conf

🔧 Steps:
📌 1. Enable network log reception (UDP and TCP)

Open the file:

 
sudo nano /etc/rsyslog.conf

Add or uncomment the following lines:

module(load="imudp")              # 🔁 Enable UDP
input(type="imudp" port="514")
module(load="imtcp")              # 🔁 Enable TCP
input(type="imtcp" port="514")

📁 2. Define where the received logs will be saved

At the end of the file:

 
template(name="PerHost" type="string" string="/var/log/%HOSTNAME%/syslog.log")
*.* ?PerHost

🔎 This will create a folder for each machine with its own log file 🔐

♻️ 3. Restart the rsyslog service

 
sudo systemctl restart rsyslog
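
Added example, not from the original page: one drop-in file that can replace the lines from steps 1 and 2. It binds the network inputs to their own ruleset, so only received messages go to the per-host files and the server's own logs keep their default destinations. The file name, the ruleset name and the file modes are assumptions.

```conf
# /etc/rsyslog.d/10-remote.conf   (file name is an assumption)
# Use INSTEAD of the module/input/template lines from steps 1 and 2,
# not in addition to them: two inputs cannot listen on the same port.

module(load="imudp")
module(load="imtcp")

# Same path layout as the page. HOSTNAME is taken from the received
# message, so secpath-replace turns any "/" in it into "_" before the
# value becomes part of a file path.
template(name="PerHost" type="string"
         string="/var/log/%HOSTNAME:::secpath-replace%/syslog.log")

# Ruleset used only by the network inputs below (name is an assumption).
# Assumed modes: directories 0750 and files 0640, so per-host logs are
# not world-readable.
ruleset(name="remote") {
    action(type="omfile"
           dynaFile="PerHost"
           dirCreateMode="0750"
           fileCreateMode="0640")
}

# Messages arriving on these inputs are processed by "remote" only;
# they no longer pass through the default rules in /etc/rsyslog.conf.
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
```

Check the syntax with `sudo rsyslogd -N1` before restarting the service.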

🖥️ 2️⃣ Client Configuration (Debian Desktop or Server)

📁 File: /etc/rsyslog.conf or /etc/rsyslog.d/50-default.conf
🧭 Log server IP: for example 192.168.1.10

🔧 Steps:
📨 1. Add the log server IP

 
sudo nano /etc/rsyslog.conf

Add one of the following lines based on the protocol:

 
*.* @192.168.1.10:514     # UDP (one @)
*.* @@192.168.1.10:514    # TCP (two @)

♻️ 2. Restart the service

 
sudo systemctl restart rsyslog

🪟 3️⃣ For Windows Machines

⚠️ Windows does not include rsyslog, but you can use:

🔧 NXLog – free, powerful and easy to configure
🔧 Snare Agent – popular in corporate environments

➡️ Configure them to send to 192.168.1.10:514

🔐 4️⃣ Security Considerations

🔥 Firewall with UFW (on the server):

 
sudo ufw allow from 192.168.1.0/24 to any port 514

📦 Log compression and rotation:

 
sudo apt install logrotate

🧪 5️⃣ Testing

🔎 From the client:

 
logger "🧪 Test log sent to the server"

🔎 From the server:

 
sudo tail -f /var/log/CLIENT_NAME/syslog.log

📊 Optional Visualization

🖥️ LogAnalyzer: web interface (requires Apache/Nginx + PHP)
📁 Terminal: Use less, grep, tail to analyze logs

Final Summary

🔧 Component | Operating System | Rsyslog Function
🧠 Log Server | Debian Server 12 | Receive, organize, and store logs
🖥️ Clients | Debian Desktop/Server | Send their events
🛠️ Administrators | Debian Desktop or WSL2 | Consult, audit, and analyze logs

🧠 Conclusion
With rsyslog on Debian, you have a lightweight, robust, and fully functional solution to achieve full traceability and control over your systems without needing Internet access 🌐.
