OpenLAB

How to Setup Logging Server with Rsyslog in Debian 10

Ali Orhun Akkirman

Collecting and analyzing the logs produced by various clients and servers in one common place is an important need. Rsyslog is a very efficient tool for this.

I wanted to create this article because the rsyslog syntax has changed in Debian 10 (Buster) compared to older Debian versions (for example, Debian 9).

How to Install Rsyslog Server

The rsyslog package can be installed as follows:

sudo apt install rsyslog

How to Configure Rsyslog Server

In the /etc/rsyslog.conf file, uncomment the following lines by removing the leading "#" sign:

module(load="imudp")
input(type="imudp" port="514")

module(load="imtcp")
input(type="imtcp" port="514")

The following line can be added just below to control which senders the server accepts logs from. In this example, 127.0.0.1 and all devices in the 10.0.0.0/24 network are allowed to send logs over TCP:

$AllowedSender TCP, 127.0.0.1, 10.0.0.0/24

In addition, templates can be used to control where incoming logs are written, as in the example below:

$template Incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.*  ?Incoming-logs

Without this template setting, logs would be saved in a single file under /var/log.

After saving these settings, restart the service and check whether it reports any errors:

sudo systemctl restart rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog

If there are no problems, syslog-format logs forwarded by rsyslog clients from any source can now be collected on the server we set up.
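
The configuration above enables both the UDP and the TCP listener, but the $AllowedSender line names only TCP, and rsyslog keeps its allowed-sender list per protocol. The script below is an added example, not part of the original post: it reports every enabled listener that has no $AllowedSender rule of its own. The helper name unrestricted_inputs, the sample files and the UDP rule are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). unrestricted_inputs is a
# hypothetical helper: it prints each protocol that has an enabled listener
# but no $AllowedSender rule of its own in the given rsyslog config.
unrestricted_inputs() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines are not active
        /input\(/ && /type[ \t]*=[ \t]*"imudp"/ { listen["UDP"] = 1 }
        /input\(/ && /type[ \t]*=[ \t]*"imtcp"/ { listen["TCP"] = 1 }
        /^\$AllowedSender[ \t]/ {
            proto = $2             # first field after the directive, e.g. "TCP,"
            sub(/,.*/, "", proto)
            allowed[toupper(proto)] = 1
        }
        END {
            if (listen["UDP"] && !allowed["UDP"]) print "UDP"
            if (listen["TCP"] && !allowed["TCP"]) print "TCP"
        }
    ' "$1"
}

# Constructed sample 1: the settings from the post, uncommented as instructed.
sample=$(mktemp); fixed=$(mktemp)
trap 'rm -f "$sample" "$fixed"' EXIT
cat > "$sample" <<'EOF'
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
$AllowedSender TCP, 127.0.0.1, 10.0.0.0/24
EOF

# Constructed sample 2: same file plus a UDP rule mirroring the TCP one
# (assumption: the UDP listener should accept the same senders).
cp "$sample" "$fixed"
echo '$AllowedSender UDP, 127.0.0.1, 10.0.0.0/24' >> "$fixed"

echo "post config, unrestricted: $(unrestricted_inputs "$sample")"
echo "with UDP rule, unrestricted: $(unrestricted_inputs "$fixed")"
```

On the server, run unrestricted_inputs /etc/rsyslog.conf before restarting the service; sudo rsyslogd -N1 additionally checks the file for syntax errors.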

I will specify the relevant client settings in the next post.

