Rsyslog is a powerful and highly extensible log management tool that offers multiple capabilities, including centralized logging, log forwarding, and message filtering. In this comprehensive guide, we will walk you through the steps of how to install and configure rsyslog on Rocky Linux.
Table of Contents
- Introduction to Rsyslog
- Installing Rsyslog on Rocky Linux
- Configuring Rsyslog
- Rsyslog Configuration Files
- Creating Custom Configuration Files
- Centralized Logging with Rsyslog
- Setting Up the Rsyslog Server
- Configuring Rsyslog Clients
- Monitoring and Managing Rsyslog
- Conclusion
How to Install and Configure Rsyslog on Rocky Linux
Introduction to Rsyslog
Rsyslog is a powerful and highly extensible log management tool that offers multiple capabilities, including centralized logging, log forwarding, and message filtering. It is a default syslog daemon for many Linux distributions, including Rocky Linux. Rsyslog can be easily integrated with other tools for advanced log analysis and reporting.
Installing Rsyslog on Rocky Linux
To begin, update your system packages using the following command:
sudo dnf update -y
Next, install rsyslog using the following command:
sudo dnf install rsyslog -y
Once the installation is complete, start and enable the rsyslog service using the following commands:
sudo systemctl start rsyslog
sudo systemctl enable rsyslog
You can check the status of the rsyslog service with the following command:
sudo systemctl status rsyslog
Configuring Rsyslog on Rocky Linux
Rsyslog Configuration Files
The main rsyslog configuration file is located at /etc/rsyslog.conf. This file contains global directives, module loading, and default rules. The /etc/rsyslog.d/ directory is used for storing custom configuration files. Rsyslog reads all the .conf files from this directory in alphabetical order.
To edit the main configuration file, open it with your favorite text editor:
sudo nano /etc/rsyslog.conf
Creating Custom Configuration Files
To create a custom configuration file, navigate to the /etc/rsyslog.d/ directory and create a new file with the .conf extension. For example, to create a custom configuration file named custom_logging.conf, run:
sudo nano /etc/rsyslog.d/custom_logging.conf
Add your custom rules and save the file. Restart the rsyslog service for the changes to take effect:
sudo systemctl restart rsyslog
Centralized Logging with Rsyslog on Rocky Linux
Setting Up the Rsyslog Server
To set up a centralized logging server, you need to install and configure rsyslog on a dedicated server. Follow the installation steps mentioned above. Then, open the rsyslog configuration file:
sudo nano /etc/rsyslog.conf
Uncomment the following lines to enable the UDP and TCP input modules:
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
Save the changes and restart the rsyslog service:
sudo systemctl restart rsyslog
To check the status of the rsyslog service, run the following command:
sudo systemctl status rsyslog
Configure Firewall
If you have a firewall enabled on your Rocky Linux system, you need to allow incoming traffic on ports 514/tcp and 514/udp. Execute the following commands to configure the firewall:
sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload
Configure Log Forwarding (Optional) on Rocky Linux
If you want to use your Rocky Linux server as a central log server, you can configure other Linux systems to forward their logs to this server. To do this, follow these steps on each client system:
- Install rsyslog if it is not already installed:
sudo dnf install rsyslog
- Open the rsyslog configuration file:
sudo nano /etc/rsyslog.conf
- Add the following lines at the end of the file to forward logs to the central log server (replace your_log_server_ip with the IP address of your Rocky Linux log server):
*.* @@your_log_server_ip:514
- Save the changes and restart the rsyslog service:
sudo systemctl restart rsyslog
Test Rsyslog Configuration on Rocky Linux
To test your rsyslog configuration, send a test log message from the client system:
logger "Test log message from client"
On the central log server, check the /var/log/messages file for the test log message:
sudo tail /var/log/messages
If you see the test log message, your rsyslog configuration is working correctly.
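The server and client steps above can also be written as drop-in files under /etc/rsyslog.d/, which keeps remote logs apart from the server's own and buffers client messages during an outage. This is an added example, not part of the original guide; the file names, the /var/log/remote/ path and the queue name are assumptions, and each part is meant to be used in place of the corresponding lines shown earlier (TCP only).

```conf
# ---- Server: /etc/rsyslog.d/10-remote.conf (hypothetical file name) ----
# Assumes the imtcp lines in /etc/rsyslog.conf stay commented out, so that
# port 514/tcp is bound only once, by the input below.
module(load="imtcp")

# One file per sending host. The path is built from the peer's IP address
# (fromhost-ip), which the server observes on the connection, rather than
# from the hostname field inside the message, which the sender chooses.
template(name="RemotePerHost" type="string"
         string="/var/log/remote/%fromhost-ip%/messages.log")

# Messages arriving on the TCP input are handled only by this ruleset, so
# they do not reach the default rules that write /var/log/messages.
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemotePerHost"
           dirCreateMode="0750" fileCreateMode="0640")
}

input(type="imtcp" port="514" ruleset="remote")

# ---- Client: /etc/rsyslog.d/90-forward.conf (hypothetical file name) ----
# Forwards everything over TCP, like "*.* @@your_log_server_ip:514", and
# adds a disk-assisted queue: while the server is unreachable, messages
# are buffered (spilling to disk) and sent once the connection returns.
action(type="omfwd" target="your_log_server_ip" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="fwd_central"
       queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

With the server file in place, the test message from the client appears in /var/log/remote/<client-ip>/messages.log rather than /var/log/messages. Running sudo rsyslogd -N1 checks the configuration for syntax errors before a restart.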
Conclusion
In this tutorial, you have learned how to install and configure rsyslog on Rocky Linux. You have also learned how to set up a central log server and forward logs from other Linux systems to it. Properly configuring rsyslog can significantly improve the manageability and security of your Linux environment. For more information about configuring other essential Linux services, check out our guides on how to install and configure Prometheus on Rocky Linux, how to install and configure Zabbix on Rocky Linux, and how to install and configure Nagios on Rocky Linux.