EX200 Exam - Question 62


SIMULATION -

You are a system administrator. Log files make it very easy to monitor the system. There are 50 servers running Mail, Web, Proxy, DNS services, etc. You want to centralize the logs from all servers onto one log server. How will you configure the log server to accept logs from remote hosts?

Correct Answer:

To configure a centralized logging server to accept logs from remote hosts, you should be using 'rsyslog' instead of the older 'syslog', as rsyslog is the standard logging service in modern Linux distributions. Here's the procedure:

1. Open the rsyslog configuration file using a text editor like vim:

    sudo vim /etc/rsyslog.conf

2. Uncomment or add the following lines to enable UDP and TCP syslog reception:

    module(load="imudp")
    input(type="imudp" port="514")
    module(load="imtcp")
    input(type="imtcp" port="514")

3. Save and close the file.

4. Open the necessary firewall ports for UDP and TCP traffic on port 514:

    sudo firewall-cmd --add-port=514/tcp --permanent
    sudo firewall-cmd --add-port=514/udp --permanent

5. Reload the firewall to apply the changes:

    sudo firewall-cmd --reload

6. Restart the rsyslog service to apply the configuration changes:

    sudo systemctl restart rsyslog.service

7. Verify that rsyslog is running correctly:

    sudo systemctl status rsyslog.service

With these steps, your logging server will now be configured to accept logs from remote hosts.
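A check to run after the procedure, added here as an example and not part of the original answer: it lists the rsyslog listeners that are actually uncommented and reports any that are missing from the firewalld port list. The function names and the sample configuration are constructed for illustration; on a real server, pass /etc/rsyslog.conf and the output of firewall-cmd --list-ports.

```shell
#!/bin/sh
# Added example, not from the original answer. Sample data is constructed.

# Print "port/proto" for each rsyslog listener that is really enabled:
# both its module(load=...) and input(type=...) lines must be uncommented.
enabled_inputs() {
    awk '
        /^[ \t]*#/ { next }                      # line is still commented out
        /module\(load="imudp"/ { loaded["udp"] = 1 }
        /module\(load="imtcp"/ { loaded["tcp"] = 1 }
        /input\(type="im(udp|tcp)".*port="/ {
            proto = ($0 ~ /imudp/) ? "udp" : "tcp"
            port = $0
            sub(/.*port="/, "", port)            # keep what follows port="
            sub(/".*/, "", port)                 # cut at the closing quote
            want[proto] = port
        }
        END {
            if (loaded["udp"] && want["udp"] != "") print want["udp"] "/udp"
            if (loaded["tcp"] && want["tcp"] != "") print want["tcp"] "/tcp"
        }
    ' "$1"
}

# Print enabled listeners that are absent from a firewalld port list.
# $2 is the output of `firewall-cmd --list-ports`; port ranges and
# firewalld services are not handled (assumption of this example).
missing_firewall_ports() {
    open=" $2 "
    missing=""
    for p in $(enabled_inputs "$1"); do
        case "$open" in
            *" $p "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample: both listeners enabled, but only 514/tcp opened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
EOF
echo "enabled: $(enabled_inputs "$sample" | tr '\n' ' ')"
echo "missing from firewall: $(missing_firewall_ports "$sample" "514/tcp")"
```

Comparing the first line of output with `ss -tuln | grep 514` confirms that the daemon picked up the configuration after the restart.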

Discussion

ANI_04
Oct 9, 2021

$ vim /etc/rsyslog.conf
# uncomment the lines containing
(load = "imudp" )
(type = "imudp" port="514")
(load = "imtcp" )
(type = "imtcp" port="514")
$ firewall-cmd --add-port=514/tcp --permanent
# restart firewall and rsyslog service

gaven186
Jul 4, 2024

Do we need to add port 514 udp too?

ly01
Jul 12, 2024

You forgot the UDP port:
sudo vim /etc/rsyslog.conf -> uncomment imudp and imtcp portions
sudo systemctl restart rsyslog.service
sudo ss -tulnp | grep 514
sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload

badguy001djh
Aug 7, 2021

In Red Hat 8.2, uncomment the two lines containing "imtcp" in /etc/rsyslog.conf. Then restart the rsyslogd service. Don't forget to open port 514/tcp on the firewall.

STFN2019
Sep 23, 2021

So you would:
vi /etc/rsyslog.conf
/imtcp (to search for the string in question)
Uncomment 2 lines starting with ‘module’ and ‘input’
systemctl restart rsyslog
systemctl status rsyslog (Ensure rsyslog restarted correctly)
firewall-cmd --add-port=514/tcp --permanent (Add the port in question and make it permanent)
firewall-cmd --reload (Reload the config to ensure changes are still in place)
firewall-cmd --list-all (Verify the config)

Moram
Sep 16, 2020

The file is located at: vim /etc/sysconfig/rsyslog

STFN2019
Sep 23, 2021

Syslogd options are deprecated since rsyslog v3.

Ares23
May 17, 2021

From 7, rsyslog replaces syslog.

tahirmirza
Nov 18, 2020

So what exactly are we typing here? Which part from the explanation, and to where: /etc/sysconfig/rsyslog or etc/sysconfig/syslog???

hyde666
Jan 13, 2021

I think you can type ls first if you're not sure.

KimoHasNoBalls
Sep 5, 2022

I would follow this: https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/