rsyslog

Install

# Install the rsyslog package from the distribution repositories, without prompting.
sudo dnf -y install rsyslog

Service

# Enable the unit at boot and start it now, then confirm it is active.
sudo systemctl enable --now rsyslog
sudo systemctl status rsyslog

# Stop/start cycle, e.g. to load an edited /etc/rsyslog.conf.
# A syntax check beforehand (sudo rsyslogd -N1) avoids restarting into a
# broken config and silently losing log collection.
sudo systemctl restart rsyslog
sudo systemctl status rsyslog

Config (server)

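# Edit through sudoedit rather than running the editor as root: the editor
# runs as the invoking user on a temporary copy, so an editor shell escape
# or plugin does not execute with root privileges.
SUDO_EDITOR=vim sudoedit /etc/rsyslog.conf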


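# Legacy-format listeners: accept syslog on port 514 over UDP and TCP.
# Both inputs are unauthenticated and unencrypted and, by default, listen
# on every address. Limit who may send, for example:
#   $AllowedSender UDP, <client-subnet>/<prefix>
#   $AllowedSender TCP, <client-subnet>/<prefix>
$ModLoad imudp
$ModLoad imtcp
$UDPServerRun 514
$InputTCPServerRun 514

# One file per reported host name and program name.
# %HOSTNAME% and %PROGRAMNAME% come from the message itself, so the sender
# chooses them. Where the directory must identify the real peer, key it on
# %FROMHOST-IP%, and consider the secpath-replace property option
# (e.g. %PROGRAMNAME:::secpath-replace%) for values used in a path.
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
# The *.* selector matches every message, including the server's own, so
# rules placed after this point no longer see anything.
*.* ?RemoteLogs
# "stop" replaces the deprecated "~" discard action.
& stop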

Config (client)

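# Edit through sudoedit rather than running the editor as root: the editor
# runs as the invoking user on a temporary copy, so an editor shell escape
# or plugin does not execute with root privileges.
SUDO_EDITOR=vim sudoedit /etc/rsyslog.conf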

# at the end of the file
# "@@" forwards over TCP (a single "@" would use UDP). Traffic to port 514
# is plain text, so anything on the network path can read or alter it; on
# networks that are not fully trusted use rsyslog's TLS transport (gtls
# netstream driver, conventionally 6514/tcp) instead.
*.*  @@172.31.5.208:514
# Forward only the auth facility to a different server. On RHEL-family
# systems sshd and sudo typically log to authpriv, so authpriv.* may be
# the selector actually wanted.
# auth.*  @@192.168.100.10:514

SELinux

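# Show which ports SELinux currently allows rsyslog to bind.
sudo semanage port -l | grep syslogd_port_t

# semanage needs the "port" object type before -a; without it the command
# is rejected and rsyslog stays confined to the default port list.
sudo semanage port -a -t syslogd_port_t -p udp 514
sudo semanage port -a -t syslogd_port_t -p tcp 514
# If -a reports that a port is already defined (the base policy may
# already label 514 for syslog or another service), re-run that line
# with -m in place of -a.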

Firewall

# Permanently open 514 for both transports in the default zone, then load
# the permanent configuration into the running firewall.
# This admits any source address. To accept logs from known clients only,
# use a source-limited rich rule instead, e.g.
#   sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<client-subnet>/<prefix>" port port="514" protocol="tcp" accept'
sudo firewall-cmd --permanent --add-port=514/udp --add-port=514/tcp
sudo firewall-cmd --reload

In docker

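# The alpine image ships no bash, so start its default shell instead.
# With no syslog-address option the syslog log driver writes to the Docker
# host's local syslog; to send straight to a remote collector add e.g.
#   --log-opt syslog-address=tcp://<log-server>:514
docker run -it --log-driver syslog alpine sh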

BCP

cd /var/log/remote/
./btbrhm00
./btbrhm00/sudo.log
./btbrhm00/systemd.log
./btbrhm00/rsyslogd.log
./btbrhm00/su.log
./btbrhm00/sshd.log
./btbrhm00/grafana-server.log
./btbrhm00/firewalld.log
./btbrhd01
./btbrhd01/systemd.log
./btbrhd01/rsyslogd.log
./btbrhd01/podman.log
./btbrhd02
./btbrhd02/systemd.log
./btbrhd02/rsyslogd.log
./btbrhd02/podman.log
./btbrhd02/kernel.log