rsyslog

Install

# Install rsyslog from the distribution repositories (dnf: Fedora/RHEL family);
# -y answers the confirmation prompt non-interactively.
sudo dnf install -y rsyslog

Service

# "enable" only registers the unit for boot; "start" is still needed for the
# current session (systemctl enable --now does both in one step).
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
sudo systemctl status rsyslog

# Stop/start cycle used after editing /etc/rsyslog.conf (equivalent to
# systemctl restart rsyslog). Validate the file first with
# "sudo rsyslogd -N1"; a syntax error otherwise leaves the host without a
# running log daemon until the next restart.
sudo systemctl stop rsyslog
sudo systemctl start rsyslog
sudo systemctl status rsyslog

Config (server)

# Edit the collector's main config (the directives below are added to it).
# Check the result with "sudo rsyslogd -N1" before restarting the service.
sudo vim /etc/rsyslog.conf


# Load the UDP and TCP receivers (legacy "$" directives; rsyslog 7+ also
# accepts module(load="imudp") / module(load="imtcp") in RainerScript form).
$ModLoad imudp
$ModLoad imtcp
# Listen on 514 for both transports. UDP syslog is connectionless and
# unauthenticated: the source address and the HOSTNAME field can be spoofed
# and datagrams are dropped silently under load. Plain TCP adds delivery
# reliability but no confidentiality or peer authentication; where traffic
# crosses an untrusted segment, run imtcp over TLS instead
# ($DefaultNetstreamDriver gtls, $InputTCPServerStreamDriverMode 1,
# $InputTCPServerStreamDriverAuthMode x509/name with a CA/cert/key) and limit
# the listener to known senders at the firewall.
$UDPServerRun 514
$InputTCPServerRun 514

# One file per (hostname, program) under /var/log/remote/. Both fields are
# taken from the received message, so a sender controls them; the property
# replacer's secpath-drop / secpath-replace options (e.g.
# %HOSTNAME:::secpath-drop%) remove "/" so a crafted value cannot escape the
# directory tree — TODO confirm the option names against the installed
# version's property-replacer docs.
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
# Write every message through the template, then discard it ("& ~") so the
# default rules further down do not see it. NOTE(review): if this block sits
# above the stock local rules, the collector's own messages are diverted here
# as well; a property filter such as :fromhost-ip, !isequal, "127.0.0.1"
# limits the action to remote senders. "~" is deprecated in rsyslog 7+; the
# current spelling is "& stop".
*.* ?RemoteLogs 
& ~

Config (client)

# Edit the client's main config; the forwarding rule below is appended to it.
# Check with "sudo rsyslogd -N1" before restarting rsyslog.
sudo vim /etc/rsyslog.conf

# at the end of the file
# Forward every facility/priority to the collector. "@@" selects TCP; a
# single "@" would select UDP. Plain TCP carries no TLS, so the stream can be
# read and altered in transit; on an untrusted network pair this with the
# collector's TLS setup ($DefaultNetstreamDriver gtls,
# $ActionSendStreamDriverMode 1, $ActionSendStreamDriverAuthMode x509/name).
# No action queue is configured here ($ActionQueueType LinkedList,
# $ActionQueueFileName ..., $ActionResumeRetryCount -1); an unreachable
# collector may therefore stall or lose messages — TODO confirm against the
# queue defaults of the installed rsyslog version.
*.*  @@172.31.5.208:514
# Example of forwarding only the auth facility. When uncommented, the selector
# must be written "auth.*" with no space before the asterisk.
# auth. *  @@192.168.100.10:514

SELinux

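# Label 514/udp and 514/tcp as syslog ports so rsyslogd may bind them under
# SELinux. "port" is the semanage object class; without that subcommand the
# original invocation is rejected by semanage's argument parser.
# If the targeted policy already defines the port (check with
# "sudo semanage port -l | grep syslog"), "-a" fails with "already defined"
# and "-m" (modify) must be used instead.
sudo semanage port -a -t syslogd_port_t -p udp 514
sudo semanage port -a -t syslogd_port_t -p tcp 514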

Firewall

# Open 514/udp and 514/tcp in the default zone. --permanent writes the rule to
# disk only; --reload applies it to the running firewall. As written the port
# is reachable from any source in that zone; to accept only the log clients,
# a rich rule scoped to their network (constructed placeholder below) is the
# narrower choice:
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<CLIENT_CIDR>" port port="514" protocol="tcp" accept'
sudo firewall-cmd --permanent --add-port=514/udp
sudo firewall-cmd --permanent --add-port=514/tcp
sudo firewall-cmd --reload

In Docker

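# Run an interactive container whose stdout/stderr go to the syslog log driver.
# The alpine image ships /bin/sh, not bash, so the original "bash" command fails
# with an exec error before any logging happens. Without --log-opt
# syslog-address=... the driver writes to the Docker host's local syslog socket
# (as documented for the driver); to reach the collector directly, add
# --log-opt syslog-address=tcp://<COLLECTOR_IP>:514 (placeholder).
docker run -it --log-driver syslog alpine sh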

BCP

# Root of the per-host tree created by the RemoteLogs template
# (/var/log/remote/<HOSTNAME>/<PROGRAMNAME>.log). The listing that follows
# appears to be "find ." output from this directory — TODO confirm.
cd /var/log/remote/
./btbrhm00
./btbrhm00/sudo.log
./btbrhm00/systemd.log
./btbrhm00/rsyslogd.log
./btbrhm00/su.log
./btbrhm00/sshd.log
./btbrhm00/grafana-server.log
./btbrhm00/firewalld.log
./btbrhd01
./btbrhd01/systemd.log
./btbrhd01/rsyslogd.log
./btbrhd01/podman.log
./btbrhd02
./btbrhd02/systemd.log
./btbrhd02/rsyslogd.log
./btbrhd02/podman.log
./btbrhd02/kernel.log