Linux Remote Logging
This article describes how to configure remote logging between Linux servers, with specific reference to the information needed for the RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.
- Configure a system to accept logging from a remote system
- Configure a system to log to a remote system
It is unlikely you will need to install or start the rsyslog process, as it should already be installed on your system. In the event that it isn't, it can be installed from a Yum repository using the following command.
# yum install rsyslog
Turn on the rsyslog service and make sure it starts automatically on reboot.
# service rsyslog start
# chkconfig rsyslog on
The rsyslog service is configured using the "/etc/rsyslog.conf" file. Configuration changes have to be followed by a restart of the service.
# service rsyslog restart
The server acting as a recipient for remote logging must have the TCP and UDP port 514 open. This can be achieved by adding the following entry to the type of firewall script described here.
# Open ports for remote logging (rsyslog).
iptables -A INPUT -p tcp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 514 -j ACCEPT
There are no specific SELinux requirements for configuration of remote logging in Linux.
More information on SELinux can be found here.
Configure a system to accept logging from a remote system
The server acting as a recipient of remote logging must be configured by un-commenting the following entries in the "/etc/rsyslog.conf" file.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
Some resources list the modules with a ".so" suffix. On my Oracle Linux 6.3 installations, this suffix was not present.
Remember to restart the rsyslog service for the changes to take effect.
# service rsyslog restart
The server is now ready to accept remote logging messages.
Configure a system to log to a remote system
To make the local server log to a remote server, edit the "/etc/rsyslog.conf" file on the local server, un-commenting the following line and amending it to the IP address or host name of the remote server. It will be the second-to-last line of the file.
Test the logging by issuing the following command on the local server.
# logger -p warn "Test Message"
The message should appear in both the local and the remote "/var/log/messages" files. The output below shows the latest entry in the "/var/log/messages" file on two machines. The RHCE1 machine is set up to receive remote logging. The RHCE2 machine is set up to log remotely and issued the test command shown above.
[root@rhce2 ~]# tail -1 /var/log/messages
Jan 5 10:27:15 rhce2 root: Test Message
[root@rhce2 ~]#

[root@rhce1 ~]# tail -1 /var/log/messages
Jan 5 10:27:15 rhce2 root: Test Message
[root@rhce1 ~]#
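One way to confirm both sides of the setup above before sending a test message, as an added example that is not part of the original article. It reports which port 514 listeners are un-commented and where a host forwards its logs. The sample files and the address 192.168.0.10 are constructed; in rsyslog forwarding syntax "@host" sends over UDP and "@@host" over TCP.

```shell
#!/bin/sh
# Added example (not from the article): audit rsyslog.conf for the settings described above.

# active_directive FILE NAME VALUE: succeed if "$NAME VALUE" is present and not commented out.
# Directive names are compared in lower case to tolerate differences in capitalisation.
active_directive() {
    awk -v n="\$$2" -v v="$3" '
        !/^[ \t]*#/ && tolower($1) == tolower(n) && $2 == v { found = 1 }
        END { exit !found }' "$1"
}

# receiver_mode FILE: print udp, tcp, udp+tcp or none for the port 514 listeners.
receiver_mode() {
    mode=""
    active_directive "$1" ModLoad imudp && active_directive "$1" UDPServerRun 514 && mode="udp"
    active_directive "$1" ModLoad imtcp && active_directive "$1" InputTCPServerRun 514 &&
        mode="${mode:+$mode+}tcp"
    echo "${mode:-none}"
}

# forward_targets FILE: print "proto host[:port]" for each active forwarding action.
forward_targets() {
    awk '!/^[ \t]*#/ && $2 ~ /^@/ {
        proto = ($2 ~ /^@@/) ? "tcp" : "udp"
        target = $2; sub(/^@+/, "", target)
        print proto, target
    }' "$1"
}

# Constructed sample files standing in for /etc/rsyslog.conf on each host.
samples=$(mktemp -d)
cat > "$samples/receiver.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
#*.* @@remote-host:514
EOF
cat > "$samples/sender.conf" <<'EOF'
#$ModLoad imudp
#$UDPServerRun 514
*.* @@192.168.0.10:514
EOF

echo "receiver listens on: $(receiver_mode "$samples/receiver.conf")"
echo "sender listens on:   $(receiver_mode "$samples/sender.conf")"
echo "sender forwards to:  $(forward_targets "$samples/sender.conf")"
```

On a real host, pass "/etc/rsyslog.conf" to the functions instead of the sample files. A receiver that reports "none" still has its listener lines commented out.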
Host level security is provided by the Linux firewall, as described previously.
Hope this helps. Regards Tim...