rsyslog
Install
# Install the rsyslog package with dnf.
sudo dnf install -y rsyslog
Service
# Start rsyslog at boot, start it now, and confirm it is running.
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
sudo systemctl status rsyslog
# Stop/start cycle, e.g. after editing /etc/rsyslog.conf, then re-check the state.
sudo systemctl stop rsyslog
sudo systemctl start rsyslog
sudo systemctl status rsyslog
Config (server)
# Open the rsyslog configuration on the collecting server; the lines below go into it.
sudo vim /etc/rsyslog.conf
# Load the UDP and TCP syslog input modules.
$ModLoad imudp
$ModLoad imtcp
# Listen on port 514 over UDP and TCP. Both listeners are plaintext and
# unauthenticated: any host that can reach the port can submit messages,
# so restrict access at the firewall to the expected log clients.
$UDPServerRun 514
$InputTCPServerRun 514
# Dynamic file name: one directory per host name, one file per program name.
# NOTE(review): %HOSTNAME% and %PROGRAMNAME% are taken from the message itself,
# so a sender chooses them; %FROMHOST-IP% keys the path on the connection's
# source address instead, if that is preferred.
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
# Write every facility/priority through the RemoteLogs template ...
*.* ?RemoteLogs
# ... and discard the message afterwards, so rules placed below these lines
# never see it (this includes the server's own local messages when they pass
# through the same rule set). "& ~" is the legacy spelling; newer rsyslog
# releases spell it "& stop".
& ~
Config (client)
# Open the rsyslog configuration on each sending host.
sudo vim /etc/rsyslog.conf
# At the end of the file: forward every facility/priority to the collector.
# "@@" forwards over TCP; a single "@" would forward over UDP. Either way the
# messages travel unencrypted, so consider rsyslog's TLS transport when the
# path crosses a network that is not trusted.
*.* @@172.31.5.208:514
# Alternative: forward only the auth facility instead of everything.
# NOTE(review): sshd/sudo/su commonly log to authpriv on RHEL-family hosts, so
# authpriv.* may be the selector wanted here; verify on the client.
# auth.* @@192.168.100.10:514
SELinux
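# Label port 514 (UDP and TCP) as syslogd_port_t so SELinux lets rsyslog bind it.
# semanage needs the object type ("port") before -a; without it the command
# is rejected.
# If a port is already defined in the loaded policy, -a fails; list the
# current labels with
#   sudo semanage port -l | grep -w 514
# and use -m (modify) instead of -a for that protocol.
sudo semanage port -a -t syslogd_port_t -p udp 514
sudo semanage port -a -t syslogd_port_t -p tcp 514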
Firewall
# Open 514/udp and 514/tcp in the default zone. --permanent only writes the
# saved configuration; --reload makes it the running configuration.
# As written, any source address may reach the syslog listeners; limiting the
# rule to the log clients' addresses (a zone with sources, or a rich rule)
# keeps unknown hosts from writing into the log store.
sudo firewall-cmd --permanent --add-port=514/udp
sudo firewall-cmd --permanent --add-port=514/tcp
sudo firewall-cmd --reload
In docker
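# Run a container whose stdout/stderr go to syslog instead of the default
# json-file driver. The stock alpine image has no bash, so start sh.
# Without --log-opt syslog-address=... the driver writes to the Docker host's
# local syslog; to send straight to the collector add, for example,
#   --log-opt syslog-address=tcp://<collector-host>:514
docker run -it --log-driver syslog alpine sh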
BCP
# Resulting tree on the collector: one directory per host name and one file per
# program name. The files include authentication logs (sudo, su, sshd), so
# keep this directory readable only by the accounts that need it.
cd /var/log/remote/
./btbrhm00
./btbrhm00/sudo.log
./btbrhm00/systemd.log
./btbrhm00/rsyslogd.log
./btbrhm00/su.log
./btbrhm00/sshd.log
./btbrhm00/grafana-server.log
./btbrhm00/firewalld.log
./btbrhd01
./btbrhd01/systemd.log
./btbrhd01/rsyslogd.log
./btbrhd01/podman.log
./btbrhd02
./btbrhd02/systemd.log
./btbrhd02/rsyslogd.log
./btbrhd02/podman.log
./btbrhd02/kernel.log