View Source

https://wiki.gentoo.org/wiki/Rsyslog

IT-Conductor supports Central Syslog Server configuration, in which a chosen IT-Conductor Gateway can provide centralized storage of System log data that is forwarded from individual systems. This allows administrators to get an overview of events on all hosts, search through them and configure notifications on ones matching certain criteria.

IT-Conductor Knowledge Base > Syslog Server Configuration > image-20220809-190246.png

Setting up Central Syslog Server

In the Administration dashboard expand Syslog Servers tile to full-screen mode and click to create new Server

The following screen will prompt

IT-Conductor Knowledge Base > Syslog Server Configuration > image-20220809-020057.png

Fill in the following attributes:

Name - the name of the Server as it appears in IT-Conductor
Description - optional description
Role - optional role of the Syslog Server (Development, QA, Production etc)
Site - optional IT-Conductor site - this allows for site based maintenance mode administration
Gateway - a configured IT-Conductor Gateway where the server will run
Protocol - udp/tcp (currently only udp is supported in production environment)
Port Number - Port number for Central Syslog server (default 514)
Lowest Priority - the lowest priority of Syslog events to store

Click Finish to create the server.

Depending on the Role and Site the Syslog Server will show in the service grid under Syslog Central in about 15 minutes

IT-Conductor Knowledge Base > Syslog Server Configuration > image-20220825-004005.png

The server will be picked up by the Gateway in a few minutes and will start listening on the specified port to process the events forwarded by Linux systems. Make sure the configured port is not already in use or the server will fail to start (see Log for details)

Setting up the Client Machines

SUSE Eneterprise Linux

To configure a machine for remote logging on a central syslog server, perform the following steps:

Edit the configuration file /etc/rsyslog.d/remote.conf.

Uncomment the appropriate line (TCP or UDP) and replace remote-host with the address of the central syslog server

UDP example:

# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @it-conductor-gateway-host

TCP example:

# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@it-conductor-gateway-host

Save the file.

Restart the rsyslog service:

> sudo systemctl restart rsyslog.service

Verify the proper function of the syslog forwarding:
> logger "hello world"
The log message hello world should now appear on the central syslog server.

RedHat Enterprise Linux

To configure a machine for remote logging on a central syslog server, perform the following steps:

Edit the configuration file /etc/rsyslog.conf

Add or edit an existing line replace remote-host with the address of the central syslog server

UDP example:

# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @it-conductor-gateway-host

TCP example:

# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@it-conductor-gateway-host

Save the file.

Restart the rsyslog service:

> sudo systemctl restart rsyslog.service

Verify the proper function of the syslog forwarding:
> logger "hello world"
The log message hello world should now appear on the central syslog server.