ChamplainTechJournals/net-sec-controls-sec350/rsyslog.md
2025-04-19 23:42:08 -04:00

rsyslog configuration

open-source software used on Linux systems for forwarding log messages across a network.
sudo apt/yum install rsyslog

server

open port 514 (tcp and udp) on the server

sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload

enable log input modules

the /etc/rsyslog.conf file needs to be modified to receive syslog messages over port 514 tcp and udp. Uncomment the UDP and TCP input module lines and their port 514 input lines, then restart the rsyslog service.

monitor for incoming logs

  • tail -f /var/log/messages

client

configure log forwarding to server

  • rsyslog needs to be installed on the client as well: sudo yum install rsyslog
  • create the file /etc/rsyslog.d/sec350.conf, add the line user.notice @172.16.50.5, and restart rsyslog

NOTE: the line in sec350.conf means:
user = syslog facility
notice = syslog priority (this priority and anything more severe)
@ = UDP, @@ = TCP, so we are only going to send over UDP
172.16.50.5 = remote syslog server

logging authpriv messages on linux systems

[image: authpriv logging rule]
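Both configuration pieces the notes describe, written out as an added example for this page (it is not the screenshots from the original notes): the server-side receiver lines in /etc/rsyslog.conf and the client-side forwarding file, extended with the TCP variant and an authpriv rule. The server address 172.16.50.5 and the file name sec350.conf are taken from the notes above; everything else is standard rsyslog syntax.

```conf
# --- server: /etc/rsyslog.conf (uncomment these to listen on 514/udp and 514/tcp) ---
# UDP receiver
module(load="imudp")
input(type="imudp" port="514")

# TCP receiver
module(load="imtcp")
input(type="imtcp" port="514")

# --- client: /etc/rsyslog.d/sec350.conf ---
# selector syntax:  facility.priority   action
# "user.notice" matches facility user at priority notice and every more severe
# priority (warning, err, crit, ...), not notice alone.
# "@"  = forward over UDP (no delivery guarantee; dropped messages are silent)
# "@@" = forward over TCP (connection-oriented; failures are visible)
# port 514 is the default for both, so ":514" may be left off
user.notice @172.16.50.5

# same rule over TCP instead (pick one; the server above accepts both)
#user.notice @@172.16.50.5

# authentication-related events (sshd, sudo, su) at every priority; TCP is the
# better choice here because losing these records matters more than for user.*
authpriv.* @@172.16.50.5
```

rsyslogd -N1 validates the configuration before restarting the service, which catches a mistyped selector or a missing module line without losing logs in the meantime.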

create test log

  • logger -t test TESTLOG123