rsyslogtool takes care of receiving all the log message from the kernel and operating system applications and distributing them over files in
rsyslog can do much more than that which includes logging into a remote server. This can be extremely useful for aggregating logs across a large fleet of servers or when it is not possible to write logs on disk.
In this tutorial, we’re going to install
rsyslog on a remote machine so we can ship logs to, redirect all logging to that remote server.
rsyslog on Remote Server
You will need a copy of
rsyslog running on a remote machine which will be recieving the logs from your existing server. It’s best that you have this in a remote location. The reason being that if this server crashes at the same time as your server crashes, you won’t be able to get any logs to troubleshoot any issues.
Assuming that you’re using Ubuntu on the remote machine, you’ll already be running
rsyslog. If not, you can install it by following the instructions provided inside the rsyslog website.
Once it’s installed, you will need to make sure that it listens on a port which we will send logs to. The default port is 514 which we’ll keep. You will need to edit the file
Local Storage Log Path
/var/syslog/hosts/Host Machine Name/ Year/Month/
Rsyslog Server Configuration file:
# log every host in its own directory
# Local Logging
# use the local RuleSet as default if not specified otherwise
# Remote Logging
# Send messages we receive to Gremlin
# bind ruleset to tcp listener
# and activate it:
Log Source Configuration:
Configuration file: /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
$template MyTemplate, “<%pri%> %timestamp% zabbix.10.135.63.208 %syslogtag% %msg%\n” ### these two lines will add zabbix.10.135.63.208 in fwded lines to easily identify source servers
- Check rsyslogd service running
- Port 514 UDP is open
- Rsyslog server able to communicate with remote.server port 514