SIMULATION -
You are a System administrator. Using Log files very easy to monitor the system. Now there are 50 servers running as Mail, Web, Proxy, DNS services etc. You want to centralize the logs from all servers into on LOG Server. How will you configure the LOG Server to accept logs from remote host?
To configure a centralized logging server to accept logs from remote hosts, you should be using 'rsyslog' instead of the older 'syslog', as rsyslog is the standard logging service in modern Linux distributions. Here's the procedure: 1. Open the rsyslog configuration file using a text editor like vim: sudo vim /etc/rsyslog.conf 2. Uncomment or add the following lines to enable the UDP and TCP syslog reception: module(load="imudp") input(type="imudp" port="514") module(load="imtcp") input(type="imtcp" port="514") 3. Save and close the file. 4. Open the necessary firewall ports for UDP and TCP traffic on port 514: sudo firewall-cmd --add-port=514/tcp --permanent sudo firewall-cmd --add-port=514/udp --permanent 5. Reload the firewall to apply changes: sudo firewall-cmd --reload 6. Restart the rsyslog service to apply the configuration changes: sudo systemctl restart rsyslog.service 7. Verify that rsyslog is running correctly: sudo systemctl status rsyslog.service With these steps, your logging server will now be configured to accept logs from remote hosts.
$ vim /etc/rsyslog.conf # uncomment the lines containing (load = "imudp" ) (type = "imudp" port="514) (load = "imtcp" ) (type = "imtcp" port="514) $ firewall-cmd --add-port=514/tcp --permanent # restart firewall and rsyslog service
should we need to add port for 514 udp too?
You forgot the UDP port: sudo vim /etc/rsyslog.conf -> uncomment imudp and imtcp portions sudo systemctl restart rsyslog.service sudo ss -tulnp | grep 514 sudo firewall-cmd --add-port=514/tcp --permanent sudo firewall-cmd --add-port=514/udp --permanent sudo firewall-cmd --reload
In redhat 8.2, uncomment two lines contained "imtcp" in /etc/rsyslog.conf. Then restart rsyslogd service.Don't forget open port 514/tcp on firewall.
So you would: vi /etc/rsyslog.conf /imtcp – to search the string in question Uncomment 2 lines starting with ‘module’ and ‘input’ systemctl restart rsyslog systemctl status rsyslog (Ensure rsyslog restarted correctly) firewall-cmd --add-port=514/tcp –permanent (Add the port in question and make it permanent) firewall-cmd –reload (Reload the config to ensure changes are still in place) firewall-cmd --list-all (Verify the config)
The file is locate at: vim /etc/sysconfig/rsyslog
Syslogd options are deprecated since rsyslog v3.
from 7 rsyslog replace syslog
so what exactly are we typing here. which part from the explanation to whrere /etc/sysconfig/rsyslog or etc/sysconfig/syslog ???
i think u can typing ls first if u not sure
i would follow this: https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/