Syslog Server Configuration

https://wiki.gentoo.org/wiki/Rsyslog

IT-Conductor supports Central Syslog Server configuration, in which a chosen IT-Conductor Gateway can provide centralized storage of System log data that is forwarded from individual systems. This allows administrators to get an overview of events on all hosts, search through them and configure notifications on ones matching certain criteria.

 

Setting up Central Syslog Server

In the Administration dashboard, expand the Syslog Servers tile to full-screen mode and click to create a new server.

The server creation screen opens.

Fill in the following attributes:

  • Name - the name of the Server as it appears in IT-Conductor

  • Description - optional description

  • Role - optional role of the Syslog Server (Development, QA, Production, etc.)

  • Site - optional IT-Conductor site; this allows for site-based maintenance mode administration

  • Gateway - a configured IT-Conductor Gateway where the server will run

  • Protocol - udp/tcp (currently only udp is supported in a production environment)

  • Port Number - Port number for Central Syslog server (default 514)

  • Lowest Priority - the lowest priority of Syslog events to store

Click Finish to create the server.

Depending on the Role and Site, the Syslog Server will appear in the service grid under Syslog Central in about 15 minutes.

The Gateway will pick up the server within a few minutes and start listening on the specified port to process the events forwarded by Linux systems. Make sure the configured port is not already in use, or the server will fail to start (see Log for details).

Setting up the Client Machines

SUSE Enterprise Linux

To configure a machine for remote logging on a central syslog server, perform the following steps:

  1. Edit the configuration file /etc/rsyslog.d/remote.conf.

  2. Uncomment the appropriate line (TCP or UDP) and replace remote-host with the address of the central syslog server.

    UDP example:

    # Remote Logging using UDP
    # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
    *.* @it-conductor-gateway-host


    TCP example:

    # Remote Logging using TCP for reliable delivery
    # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
    *.* @@it-conductor-gateway-host

  3. Save the file.

  4. Restart the rsyslog service:

    > sudo systemctl restart rsyslog.service

  5. Verify the proper function of the syslog forwarding:

    The log message hello world should now appear on the central syslog server.

Red Hat Enterprise Linux

To configure a machine for remote logging on a central syslog server, perform the following steps:

  1. Edit the configuration file /etc/rsyslog.conf.

  2. Add a line, or edit an existing one, replacing remote-host with the address of the central syslog server.

    UDP example:

     

    TCP example:

     

  3. Save the file.

  4. Restart the rsyslog service:

  5. Verify the proper function of the syslog forwarding:

    The log message hello world should now appear on the central syslog server.
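
The client-side procedure above (SUSE and Red Hat variants alike), as an added shell example that is not IT-Conductor or vendor code: it builds the `@`/`@@` forwarding rule, checks the configuration with `rsyslogd -N1` before restarting, and sends a tagged `hello world` test message with `logger`. The drop-in file name `itc-forward.conf` and the script name `forward.sh` are assumptions, as is a main rsyslog configuration that includes `/etc/rsyslog.d/*.conf`.

```shell
#!/bin/sh
# Added example, not IT-Conductor code. The drop-in name itc-forward.conf is
# an assumption; it-conductor-gateway-host is the page's placeholder host.

# forward_rule PROTO HOST [PORT]: print "*.* @host:port" (udp) or "*.* @@host:port" (tcp)
forward_rule() {
    proto=$1 host=$2 port=${3:-514}
    case $proto in
        udp) at='@' ;;
        tcp) at='@@' ;;
        *) echo "protocol must be udp or tcp" >&2; return 1 ;;
    esac
    # Allow only hostname/IPv4 characters so input cannot add extra directives.
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '*.* %s%s:%s\n' "$at" "$host" "$port"
}

# write_rule FILE PROTO HOST [PORT]: write via a temp file and rename, so a
# rejected input or failed write never leaves a partial config in place.
write_rule() {
    file=$1; shift
    rule=$(forward_rule "$@") || return 1
    tmp="$file.tmp.$$"
    { echo "# Forward all messages to the central syslog server"
      echo "$rule"; } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$file"
}

# apply_and_test PROTO HOST [PORT]: run as root on the client machine.
apply_and_test() {
    conf=/etc/rsyslog.d/itc-forward.conf   # assumed drop-in file name
    write_rule "$conf" "$@" || return 1
    # Check syntax before restarting so a typo cannot stop local logging.
    rsyslogd -N1 || { rm -f "$conf"; return 1; }
    systemctl restart rsyslog.service || return 1
    tag="fwdtest-$$"   # unique tag makes the test event easy to find
    logger -t "$tag" -p user.notice "hello world"
    echo "Search the central syslog server for tag $tag"
}

# Only acts when asked: sh forward.sh apply udp it-conductor-gateway-host 514
if [ "${1:-}" = "apply" ]; then shift; apply_and_test "$@"; fi
```

With UDP the client receives no delivery error, so a test event that never arrives can mean a blocked or mismatched port as well as a wrong rule.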