Exam EX200
Question 62

SIMULATION -

You are a system administrator. Log files make it very easy to monitor the system. There are now 50 servers running services such as mail, web, proxy and DNS. You want to centralize the logs from all servers onto one log server. How will you configure the log server to accept logs from remote hosts?

    Correct Answer:

    To configure a centralized logging server to accept logs from remote hosts, you should be using 'rsyslog' instead of the older 'syslog', as rsyslog is the standard logging service in modern Linux distributions. Here's the procedure:

    1. Open the rsyslog configuration file using a text editor like vim:
        sudo vim /etc/rsyslog.conf
    2. Uncomment or add the following lines to enable the UDP and TCP syslog reception:
        module(load="imudp")
        input(type="imudp" port="514")
        module(load="imtcp")
        input(type="imtcp" port="514")
    3. Save and close the file.
    4. Open the necessary firewall ports for UDP and TCP traffic on port 514:
        sudo firewall-cmd --add-port=514/tcp --permanent
        sudo firewall-cmd --add-port=514/udp --permanent
    5. Reload the firewall to apply changes:
        sudo firewall-cmd --reload
    6. Restart the rsyslog service to apply the configuration changes:
        sudo systemctl restart rsyslog.service
    7. Verify that rsyslog is running correctly:
        sudo systemctl status rsyslog.service

    With these steps, your logging server will now be configured to accept logs from remote hosts.
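The check below is an added example, not part of the original answer: it reads an rsyslog configuration, lists the imudp/imtcp listeners enabled as in step 2, and reports any that have no matching entry in the firewalld port list from step 4. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: compare the rsyslog listeners
# enabled in a config file with the ports opened in firewalld.

# Print PORT/PROTO for each uncommented imudp/imtcp input whose module(load=...)
# line is uncommented too. Patterns are anchored, so "#"-prefixed lines are skipped.
listeners() {
    awk '
        /^[ \t]*module\(load="imudp"/ { mod["udp"] = 1 }
        /^[ \t]*module\(load="imtcp"/ { mod["tcp"] = 1 }
        /^[ \t]*input\(type="im(udp|tcp)".*port="[0-9]+"/ {
            proto = ($0 ~ /type="imudp"/) ? "udp" : "tcp"
            port = $0
            sub(/.*port="/, "", port); sub(/".*/, "", port)
            want[port "/" proto] = proto
        }
        END { for (k in want) if (mod[want[k]]) print k }
    ' "$1" | sort
}

# Print each listener in config $1 that is missing from port list $2
# ($2 has the format printed by: firewall-cmd --list-ports).
missing_ports() {
    for l in $(listeners "$1"); do
        case " $2 " in
            *" $l "*) ;;        # firewall already allows this listener
            *) echo "$l" ;;     # rsyslog listens, firewall still blocks it
        esac
    done
}

# Constructed sample: step 2 of the answer, both listeners enabled.
sample_conf() {
    cat <<'EOF'
# Provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# Provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
missing_ports "$conf" "514/tcp"    # only 514/tcp opened: prints 514/udp
rm -f "$conf"
```

On a real server the call would be missing_ports /etc/rsyslog.conf "$(firewall-cmd --list-ports)". Ports opened as a range or through a firewalld service are not matched by this simple comparison.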

Discussion
ANI_04

$ vim /etc/rsyslog.conf
# uncomment the lines containing
(load = "imudp" )
(type = "imudp" port="514")
(load = "imtcp" )
(type = "imtcp" port="514")
$ firewall-cmd --add-port=514/tcp --permanent
# restart firewall and rsyslog service

gaven186

Should we add the port for 514 UDP too?

ly01

You forgot the UDP port:
sudo vim /etc/rsyslog.conf -> uncomment imudp and imtcp portions
sudo systemctl restart rsyslog.service
sudo ss -tulnp | grep 514
sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload

badguy001djh

In Red Hat 8.2, uncomment the two lines containing "imtcp" in /etc/rsyslog.conf. Then restart the rsyslogd service. Don't forget to open port 514/tcp on the firewall.

STFN2019

So you would:
vi /etc/rsyslog.conf
/imtcp - to search the string in question
Uncomment 2 lines starting with ‘module’ and ‘input’
systemctl restart rsyslog
systemctl status rsyslog (Ensure rsyslog restarted correctly)
firewall-cmd --add-port=514/tcp --permanent (Add the port in question and make it permanent)
firewall-cmd --reload (Reload the config to ensure changes are still in place)
firewall-cmd --list-all (Verify the config)

Ares23

From 7, rsyslog replaces syslog.

Moram

The file is located at: vim /etc/sysconfig/rsyslog

STFN2019

Syslogd options are deprecated since rsyslog v3.

KimoHasNoBalls

I would follow this: https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/

hyde666

I think you can type ls first if you're not sure.

tahirmirza

So what exactly are we typing here? Which part from the explanation, to where: /etc/sysconfig/rsyslog or etc/sysconfig/syslog???