In this hands-on lab, you will configure remote logging from one server to another. The goal of this activity is to gain experience with being able to set up logging between servers.
In this activity, you need to configure *Server1* as the log host for *Server2*.
*This course is not approved or sponsored by Red Hat.*
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure Server1 to receive logs.
Server1 will need to be configured to receive logs via TCP.
Uncomment the following section within
/etc/rsyslog.conf:$ModLoad imtcp $InputTCPServerRun 514Then, under the line starting with
local7.*, add the following:$template DynFile,"/var/log/hosts/system-%HOSTNAME%.log" *.* -?DynFileRestart the
rsyslogservice.Verify the host is listening on port 514.
Open the firewall to permanently permit incoming traffic on TCP port 514 and reload it.
- Configure Server2 to send logs to Server1.
Verify Server2 can connect to Server1 over TCP port 514.
On Server2, modify the
/etc/rsyslog.conffile.Uncomment the following lines:
$ActionQueueFileName fwdRule1 # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is downUncomment the following line and edit as follows:
*.* @@10.0.1.10:514Restart the
rsyslogservice.- Verify logs are being sent to Server1.
Verify the
/var/log/hostsdirectory was created and is being populated.Use
tailon the/var/log/hosts/system-ip-10-0-1-11.logfile to see entries from Server2.You can use the
loggercommand to add entries to the log:On Server2, enter the following command 3 times:
logger "THIS IS A TEST"Verify these entries are showing up in the log file on Server1.
