On the server that will receive all the logs (in our case, Server 2), edit the file:
sudo nano /etc/rsyslog.conf
Make sure the following lines are enabled, and then restart the service:
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
Restart the service with:
sudo systemctl restart rsyslog
Next, on each of the other machines, edit the rsyslog configuration file:
sudo nano /etc/rsyslog.conf
Add the following line so that the machine sends its logs to the server:
*.* @10.0.10.132:514
The *.* selector matches every facility and priority, so this sends all of the machine's logs to the server. The single @ forwards them over UDP.
To verify that log forwarding works, run the following command on a client machine:
logger "PRUEBA LOGS"
Then, on the server where the service is running, check the logs to confirm that the test message arrived.
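As an added example (not part of the original guide), these shell functions lint a collector's and a client's rsyslog.conf for the settings described above. The function names and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: lint rsyslog.conf for the settings this guide depends on.

# True if an active (uncommented) line in file $1 matches extended regex $2.
has_active() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -Eq -- "$2"
}

# Collector side: both listeners must be loaded and bound to port 514.
check_server_conf() {   # $1 = path to rsyslog.conf
    _rc=0
    # Typographic quotes pasted from a web page are not valid delimiters.
    if grep -q -e '“' -e '”' -e '″' "$1"; then
        echo "FAIL: typographic quotes found, use plain \" characters"; _rc=1
    fi
    for _m in imudp imtcp; do
        has_active "$1" "^[[:space:]]*module\(load=\"$_m\"\)" ||
            { echo "FAIL: module $_m is not loaded"; _rc=1; }
        has_active "$1" "^[[:space:]]*input\(type=\"$_m\"[[:space:]]+port=\"514\"\)" ||
            { echo "FAIL: no $_m input on port 514"; _rc=1; }
    done
    return "$_rc"
}

# Client side: a rule must forward every facility and priority (*.*).
check_client_conf() {   # $1 = path to rsyslog.conf, $2 = collector IP
    _ip=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    # A single @ forwards over UDP, @@ over TCP; either one passes.
    has_active "$1" "^[[:space:]]*\*\.\*[[:space:]]+@@?${_ip}:514[[:space:]]*\$" ||
        { echo "FAIL: no '*.* @$2:514' forwarding rule"; return 1; }
}

# Constructed sample input: a collector config with the TCP listener still
# commented out, so only the UDP half of the setup is active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module(load="imudp")
input(type="imudp" port="514")
#module(load="imtcp")
#input(type="imtcp" port="514")
EOF
check_server_conf "$sample" || echo "collector config needs fixing"
rm -f "$sample"
```

rsyslog's own syntax check, `rsyslogd -N1`, complements this lint before the service is restarted.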
LOG STORAGE CONFIGURATION
To configure log storage, edit or create the following file:
sudo nano /etc/logrotate.d/syslog
In this file, insert the following configuration:
/var/log/syslog {
    weekly
    rotate 1
    compress
    missingok
    notifempty
    create 640 root adm
    dateext
}
Setting | Description |
---|---|
weekly | Rotate the logs once a week |
rotate 1 | Keep the last 1 file (1 week) |
compress | Compress old files to save space |
missingok | Do not report an error if the file does not exist |
notifempty | Do not rotate the file if it is empty |
create 640 root adm | Create new files with specific permissions |
dateext | Append the date to the rotated file for easier identification |
To apply this configuration, force a rotation by running:
sudo logrotate -f /etc/logrotate.d/syslog