Install and configure rsyslog Centralized logging server in CentOS 6


Configure rsyslog in RHEL 6.x / CentOS 6.x


 Step 1 : Enable the module.We will uncomment the below given line by removing #
Edit the file /etc/rsyslog.conf

 Uncomment by removing # in front of these module names

 module(load="imuxsock") # provides support for local system logging (e.g. via logger command)

module(load="imklog")   # provides kernel logging support (previously done by rklogd

 Now, in same file , search for line *.emerg *. Modify the action (i.e *) with :omusrmsg:* . See below given reference

 *.emerg                        :omusrmsg:*

 Now, at the end of file /etc/rsyslog.conf, paste the below given code(These are rsyslog templates)

 #
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"

 authpriv.*   ?TmplAuth

*.info,mail.none,authpriv.none,cron.none   ?TmplMsg

Now , save and exit from file vi /etc/rsyslog.conf

Or just copy or paste the rsyslog file from below:


[root@ELK-SYSLOG ~]# egrep -v '^#|^$' /etc/rsyslog.conf -v
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
kern.*                                                  /var/log/iptables.log
kern.crit                                               /var/log/iptables-crit.log
kern.info                                               /var/log/iptables-info.log
$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.*   ?TmplAuth
*.info,mail.none,authpriv.none,cron.none   ?TmplMsg





Start/Restart the rsyslog service

/etc/init.d/rsyslog restart 

then look on /var/log/message, should be following:

Dec  3 19:10:24 ELK-SYSLOG rsyslogd: [origin software="rsyslogd" swVersion="7.6.7" x-pid="15234" x-info="http://www.rsyslog.com"] exiting on signal 15.
Dec  3 19:10:24 ELK-SYSLOG rsyslogd: [origin software="rsyslogd" swVersion="7.6.7" x-pid="15307" x-info="http://www.rsyslog.com"] start

Comments

Post a Comment

Thank you for visiting my blog.

Popular posts from this blog

Defining Audit Rules

The Audit system operates on a set of rules that define what is to be captured in the log files. There are three types of Audit rules that can be specified: Control rules — allow the Audit system's behavior and some of its configuration to be modified. File system rules — also known as file watches, allow the auditing of access to a particular file or a directory. System call rules — allow logging of system calls that any specified program makes.  Audit rules can be specified on the command line with the auditctl utility (note that these rules are not persistent across reboots), or written in the /etc/audit/audit.rules file. The following two sections summarize both approaches to defining Audit rules.   Auditing goals By using a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include: Audit file access and modification See who changed a particular file Detect unauthorized cha...
Read more

AIX Install packages, upgrade, patching commands

lslpp -L                             displays info about all installed filesets or fileset updates lslpp -L <fileset>                   displays info about that fileset lslpp -h <fileset>                   shows the history of the fileset lslpp -l | grep <fileset>           shows if it is installed or not lslpp -lc| grep <fileset>           shows the state (Aplp., Comm., Broken..) in /etc/objrepos and in /usr/lib/objrepos of a fileset lslpp -f <fileset>                   shows all files that are installed with  a particular fileset lslpp -w /usr/local/bin/lsof        shows the fileset which contains the giv...
Read more

Oracle Database Quick Installation steps 11g Release 2 for Linux x86-64

This article is a comprehensive steps for installing Oracle Database 11 g Release 2 (11.2.0.1) on the Red Hat Enterprise Linux 6 (RHEL6)  operating environment. Both 32-bit (x86) and 64-bit (x86_64) architectures are covered in this guide. Unless otherwise noted, the installation steps are the same for either. Having said that, one of the first decisions to make before continuing with this guide is which architecture you will be using. Both Oracle and Linux must be installed on the same operating system architecture. For example, 32-bit Oracle is only supported to run on 32-bit Linux OS and 64-bit Oracle is only supported to run on 64-bit Linux OS. Install Required Linux Packages for Oracle: After installing the Linux OS, the next step is to verify and install all packages required for Oracle Database 11 g Release 2. The Oracle Universal Installer (OUI) performs checks on the machine during installation to verify that it meets the...
Read more