Setting up an rsyslog server on Ubuntu 18.04


Step by step:

  1. Install rsyslog
    apt-get install rsyslog -y
  2. Check that the rsyslog service is active
    systemctl status rsyslog

    Output

    ● rsyslog.service - System Logging Service
       Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2019-10-22 04:28:55 UTC; 1min 31s ago
         Docs: man:rsyslogd(8)
               RSyslog Documentation
     Main PID: 724 (rsyslogd)
        Tasks: 4 (limit: 1114)
       CGroup: /system.slice/rsyslog.service
               └─724 /usr/sbin/rsyslogd -n

    Oct 22 04:28:53 ubuntu1804 systemd[1]: Starting System Logging Service...
    Oct 22 04:28:54 ubuntu1804 rsyslogd[724]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.32.0]
    Oct 22 04:28:54 ubuntu1804 rsyslogd[724]: rsyslogd's groupid changed to 106
    Oct 22 04:28:54 ubuntu1804 rsyslogd[724]: rsyslogd's userid changed to 102
    Oct 22 04:28:54 ubuntu1804 rsyslogd[724]: [origin software="rsyslogd" swVersion="8.32.0" x-pid="724" x-info="http://www.rsyslog.com"] start
    Oct 22 04:28:55 ubuntu1804 systemd[1]: Started System Logging Service.
  3. Configure the rsyslog server by editing /etc/rsyslog.conf
    nano /etc/rsyslog.conf

    # receive syslog over UDP and TCP on port 514
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    # accept messages only from these senders
    $AllowedSender TCP, 127.0.0.1, 192.168.0.0/24, *.example.com
    $AllowedSender UDP, 127.0.0.1, 192.168.0.0/24, *.example.com
    # one log file per sending host and program name
    $template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
    # *.* also matches the server's own local messages, which then land in
    # /var/log/<server hostname>/ instead of the default files
    *.* ?remote-incoming-logs
    # discard the messages matched by the line above so later rules do not see them
    & ~
  4. Check the configuration for syntax errors
    rsyslogd -f /etc/rsyslog.conf -N1

    Output

    rsyslogd: version 8.32.0, config validation run (level 1), master config /etc/rsyslog.conf
    rsyslogd: End of config validation run. Bye.
  5. Restart rsyslog
    systemctl restart rsyslog
  6. Verify that rsyslog is listening on the TCP and UDP port
    netstat -4altunp | grep 514

    Output:

    tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      1332/rsyslogd
    udp        0      0 0.0.0.0:514             0.0.0.0:*                           1332/rsyslogd
  7. Configure the rsyslog client by editing /etc/rsyslog.conf
    nano /etc/rsyslog.conf

    ## Disk-assisted queue so messages are kept while the rsyslog server is down.
    ## The $ActionQueue* directives apply to the next action defined after them,
    ## so they must come before the forwarding line.

    $ActionQueueFileName queue
    $ActionQueueMaxDiskSpace 1g
    $ActionQueueSaveOnShutdown on
    $ActionQueueType LinkedList
    $ActionResumeRetryCount -1

    ## To send logs over UDP, add the following line (single @):

    *.* @192.168.0.101:514

    ## To send logs over TCP instead, add the following line (double @@). Use one of the two, not both:

    *.* @@192.168.0.101:514
  8. Restart rsyslog on the client
    systemctl restart rsyslog
  9. On the server, view the logs received from the client (the directory is named after the client's hostname, here rsyslog-client, as set by the template in step 3)
    ls /var/log/rsyslog-client/

    Output

    CRON.log  kernel.log  rsyslogd-2039.log  rsyslogd.log  sudo.log  wpa_supplicant.log
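To make the server-side steps concrete, here is an added example (not part of the original guide, and not rsyslog code) that models what steps 3 and 9 rely on: the $AllowedSender source check, parsing of an RFC 3164-style line into the HOSTNAME and PROGRAMNAME properties, and expansion of the "/var/log/%HOSTNAME%/%PROGRAMNAME%.log" template. The sample message, the sender addresses and the path-safety check are this example's own constructions.

```python
import ipaddress
import re

# IP entries from the $AllowedSender lines; *.example.com needs reverse DNS, so it is omitted here.
ALLOWED_SENDERS = ("127.0.0.1", "192.168.0.0/24")

# RFC 3164-style line as imudp/imtcp receive it: <PRI>Mon DD HH:MM:SS host tag[pid]: msg
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

def sender_allowed(addr, allowed=ALLOWED_SENDERS):
    """Source-address check equivalent to $AllowedSender (IP entries only)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in allowed)

def parse_syslog(line):
    """Split a syslog line into the properties the template refers to."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7, "hostname": m["host"],
            "programname": m["tag"], "pid": m["pid"], "msg": m["msg"]}

def target_path(rec, base="/var/log"):
    """Expand "/var/log/%HOSTNAME%/%PROGRAMNAME%.log" for one parsed record."""
    # Both properties are client-supplied, so a value like "../../etc" would point
    # outside /var/log. This guard is the example's own, not a claim about rsyslog.
    for field in ("hostname", "programname"):
        value = rec[field]
        if "/" in value or value in (".", "..") or value.startswith("."):
            raise ValueError(f"unsafe {field} in template property: {value!r}")
    return f"{base}/{rec['hostname']}/{rec['programname']}.log"

def route(line, sender):
    """Return the file a message would land in, or None if it is dropped."""
    if not sender_allowed(sender):
        return None  # rejected by $AllowedSender
    rec = parse_syslog(line)
    if rec is None:
        return None  # not a parseable syslog line
    return target_path(rec)

# Constructed sample, shaped like the sudo.log entries listed in step 9.
SAMPLE = "<38>Oct 22 04:30:01 rsyslog-client sudo[2039]: session opened for user root"
if __name__ == "__main__":
    print(route(SAMPLE, "192.168.0.55"))  # /var/log/rsyslog-client/sudo.log
```

rsyslog's own guard against slashes in client-supplied template properties is the secpath-drop or secpath-replace property option, e.g. %HOSTNAME:::secpath-replace%.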

Written by: