Syslog Server Configuration
https://wiki.gentoo.org/wiki/Rsyslog
IT-Conductor supports Central Syslog Server configuration, in which a chosen IT-Conductor Gateway can provide centralized storage of System log data that is forwarded from individual systems. This allows administrators to get an overview of events on all hosts, search through them and configure notifications on ones matching certain criteria.
Setting up Central Syslog Server
In the Administration dashboard, expand the Syslog Servers tile to full-screen mode and click to create a new server.
The following screen will be displayed.
Fill in the following attributes:
Name - the name of the Server as it appears in IT-Conductor
Description - optional description
Role - optional role of the Syslog Server (Development, QA, Production, etc.)
Site - optional IT-Conductor site - this allows for site-based maintenance mode administration
Gateway - a configured IT-Conductor Gateway where the server will run
Protocol - udp/tcp (currently only udp is supported in production environment)
Port Number - Port number for Central Syslog server (default 514)
Lowest Priority - the lowest priority of Syslog events to store
Click Finish to create the server.
Depending on the Role and Site, the Syslog Server will show in the service grid under Syslog Central in about 15 minutes.
The server will be picked up by the Gateway in a few minutes and will start listening on the specified port to process the events forwarded by Linux systems. Make sure the configured port is not already in use, or the server will fail to start (see Log for details).
Setting up the Client Machines
SUSE Enterprise Linux
To configure a machine for remote logging on a central syslog server, perform the following steps:
Edit the configuration file /etc/rsyslog.d/remote.conf.
Uncomment the appropriate line (TCP or UDP) and replace remote-host with the address of the central syslog server.
UDP example:
# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @it-conductor-gateway-host
TCP example:
# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@it-conductor-gateway-host
Save the file.
Restart the rsyslog service:
> sudo systemctl restart rsyslog.service
Verify the proper function of the syslog forwarding:
The log message hello world should now appear on the central syslog server.
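An added example, not part of the original page or of IT-Conductor's own tooling: a Python check that reads a client's forwarding rules and reports any rule whose protocol (@ for UDP, @@ for TCP) or port does not match the Syslog Server settings described above (UDP, port 514 by default). The function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Legacy rsyslog forwarding rule: selector, then @host (UDP) or @@host (TCP),
# with an optional :port suffix.
FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+(?P<at>@{1,2})(?P<host>[^\s:@]+)(?::(?P<port>\d+))?$"
)

def parse_forwarding(conf_text):
    """Return one dict per active (uncommented) forwarding rule."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out rules are inactive
        m = FORWARD_RE.match(line)
        if m:
            rules.append({
                "line": lineno,
                "selector": m["selector"],
                "protocol": "tcp" if m["at"] == "@@" else "udp",
                "host": m["host"],
                "port": int(m["port"] or 514),  # rsyslog forwards to 514 by default
            })
    return rules

def check_against_server(rules, host, protocol="udp", port=514):
    """List mismatches between client rules and the Syslog Server settings."""
    targets = [r for r in rules if r["host"] == host]
    if not targets:
        return [f"no active rule forwards to {host}"]
    problems = []
    for r in targets:
        if r["protocol"] != protocol:
            problems.append(f"line {r['line']}: forwards over {r['protocol']}, server listens on {protocol}")
        if r["port"] != port:
            problems.append(f"line {r['line']}: forwards to port {r['port']}, server listens on {port}")
    return problems

# Constructed sample of /etc/rsyslog.d/remote.conf: UDP line left commented,
# TCP line enabled with a non-default port.
SAMPLE_CONF = """\
# Remote Logging using UDP
#*.* @it-conductor-gateway-host
# Remote Logging using TCP for reliable delivery
*.* @@it-conductor-gateway-host:1514
"""

if __name__ == "__main__":
    for problem in check_against_server(parse_forwarding(SAMPLE_CONF), "it-conductor-gateway-host"):
        print(problem)
```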
Red Hat Enterprise Linux
To configure a machine for remote logging on a central syslog server, perform the following steps:
Edit the configuration file /etc/rsyslog.conf.
Add a line, or edit an existing one, and replace remote-host with the address of the central syslog server.
UDP example:
TCP example:
Save the file.
Restart the rsyslog service:
Verify the proper function of the syslog forwarding:
The log message hello world should now appear on the central syslog server.