In prior releases of redhat, remote logging was configured via syslogd. In RHEL6, this is replaced with rsyslog.
The first step is to setup a remote server to receive the logging messages, http://www.rsyslog.com/receiving-messages-from-a-remote-system/ has a great walkthrough on setting this up.
- Edit /etc/rsyslog.conf an clear the # before the lines allowing syslog reception
- $ModLoad imudp.so
- $UDPServerRun 514
- $ModLoad imtcp.so
- $InputTCPServerRUN 514
- Restart the rsyslog daemon – service rsyslog restart
- Open the firewall to allow syslog connections
- iptables -I INPUT -p tcp –dport 514 -j ACCEPT
- iptables -I INPUT -p udp –dport 514 -j ACCEPT
- iptables-save > /etc/sysconfig/iptables
The next step is to configure the local system to send messages, http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/ has a great walkthrough on setting this up
- Edit /etc/rsyslog.conf and enter the below line (using the appropriate IP or DNS name)
- *.* @@192.168.10.1:514
- Restart the rsyslog daemon – service rsyslog restart
Test the configuration by running logger -p warn foo. This will log a message in the local /var/log/messages and should log a similar message at the same location on the remote server
Comments
Post a Comment