Home » Articles » Linux » Here

Linux Remote Logging

This article describes how to configure remote logging between Linux servers, with specific reference to the information needed for the RHCE EX300 certification exam.

Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.

• Installation
• Firewall
• SELinux
• Configure a system to accept logging from a remote system
• Configure a system to log to a remote system
• Security

Related articles.

• Linux System Log Files

Installation

It is unlikely you will need to install or start the rsyslog process as it should already be installed on your system. In the event that t isn't, it can be installed Yum repository using the following command.

# yum install rsyslog

Turn on the rsyslog service and make sure it starts automatically on reboot.

# service rsyslog start
# chkconfig rsyslog on

The rsyslog service is configured using the "/etc/rsyslog.conf" file. Configuration changes have to be followed by a restart of the service.

# service rsyslog restart

Firewall

The server acting as a recipient for remote logging must have the TCP and UDP port 514 open. This can be achieved by adding the following entry to the type of firewall script described here.

# Open port for NTP server.
iptables -A INPUT -p tcp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 514 -j ACCEPT

SELinux

There are no specific SELinux requirements for configuration of remote logging in Linux.

More information on SELinux can be found here.

Configure a system to accept logging from a remote system

The server acting as a recipient of remote logging must be configured by un-commenting the following entries into the "/etc/rsyslog.conf" file.

$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRUN 514

Remember to restart the rsyslog service for the changes to take effect.

# service rsyslog restart

The server is now ready to accept remote logging messages.

Configure a system to log to a remote system

To make the local server log to a remote server, edit it the "/etc/rsyslog.conf" file on the local server, un-commenting the following line and amending it to the IP address or host name of the remote server. It will be the second-to-last line of the file.

*.*   @@192.168.0.190:514

Test the logging by issuing the following command on the local server.

# logger -p warn "Test Message"

The message should appear in both the local and the remote "/var/log/messages" files. The output below shows the latest entry in the "/var/log/messages" file on two machines. The RHCE1 machine is set up to receive remote logging. The RHCE2 machine is set up to log remotely and issued the test command shown above.

[root@rhce2 ~]# tail -1 /var/log/messages
Jan  5 10:27:15 rhce2 root: Test Message
[root@rhce2 ~]#

[root@rhce1 ~]# tail -1 /var/log/messages
Jan  5 10:27:15 rhce2 root: Test Message
[root@rhce1 ~]#

Security

Host level security is provided by the Linux firewall, as described previously.

For more information see:

• RHEL6 Viewing and Managing Log Files
• Linux man pages
• RHCSA and RHCE
• Linux System Log Files

Hope this helps. Regards Tim...

Back to the Top.

Created: 2013-01-07  Updated: 2015-06-27

Contact Us

Home | Articles | Scripts | Blog | Certification | Videos | Misc | About

About Tim Hall
Copyright & Disclaimer