.::: How to configure remote logging with rsyslog(Enable syslog) On Linux/Rhel/Centos :::.

In RHEL-6 rsyslog is default logging daemon, In RHEL-5 rsyslog is available but not installed by default.

1. Install rsyslog
# yum -y install rsyslog 

2. Configure the remote server(CLIENT) to accept remote log messages using TCP/UDP.
Uncomment the following lines in the MODULES section of /etc/rsyslog.conf
[root@TeguhClientSyslog ~]# cat /etc/rsyslog.conf
.....
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
.....
[root@TeguhClientSyslog ~]# cat /etc/rsyslog.conf

change to

[root@TeguhClientSyslog ~]# cat /etc/rsyslog.conf
.....
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
.....
[root@TeguhClientSyslog ~]#

[root@TeguhClientSyslog ~]# cat /etc/rsyslog.conf  | grep "ModLoad imtcp"
$ModLoad imtcp
[root@TeguhClientSyslog ~]# cat /etc/rsyslog.conf  | grep "InputTCPServerRun"
$InputTCPServerRun 514
[root@TeguhClientSyslog ~]#

Restart rsyslog
[root@TeguhClientSyslog ~]# systemctl restart rsyslog
[root@TeguhClientSyslog ~]# service rsyslog restart
Redirecting to /bin/systemctl restart rsyslog.service
[root@TeguhClientSyslog ~]#


3. Install syslog watcher or other NMS to catch syslog(CLIENT PC) Optional
https://nchc.dl.sourceforge.net/project/syslog-server/syslog-server/1.2.x/SyslogServer-1.2.3-win32.exe

https://bbuseruploads.s3.amazonaws.com/0d2c3bf4-a97c-40b5-b347-2c7c47f5335d/downloads/f0267815-de8f-4d04-a7a8-2fb3f9fd00f9/Tftpd64-4.60-setup.exe?Signature=7m6m2Qx06wmoh4oU96NDZXAVPuc%3D&Expires=1517986687&AWSAccessKeyId=AKIAIQWXW6WLXMB5QZAQ&versionId=UtVhbStg7XQeycUxOhALgISiCluw8RcA&response-content-disposition=attachment%3B%20filename%3D%22Tftpd64-4.60-setup.exe%22


4. Configure the rsyslog Server(SERVER) to rsyslog/syslog watcher TCP/UDP.
Add the following line to the RULES section of /etc/rsyslog.conf

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
#using UDP
*.*  @10.10.10.10:514
*.*  @10.10.10.20:514
#using TCP
*.*  @@10.10.10.10:514
*.*  @@10.10.10.20:514
# ### end of the forwarding rule ###

You can also specify the severity to send, for example info messages:
Raw

*.info      @@10.10.10.10:514

sample log

[root@TeguhServerSyslog /]# cat /etc/rsyslog.conf
.....
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
#Using UDP Port
*.*  @10.10.10.10:514
*.*  @10.10.10.20:514

#Using TCP Port
*.*  @@10.10.10.10:514
*.*  @@10.10.10.20:514
# ### end of the forwarding rule ###

[root@TeguhServerSyslog /]#

Restart rsyslog.
[root@TeguhServerSyslog /]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@TeguhServerSyslog /]# service rsyslog status
rsyslogd (pid  1008) is running...
[root@TeguhServerSyslog /]#

3.  Test Configuration
on SERVER Rsyslog
[root@TeguhServerSyslog /]# logger "Teguh Triharto Corporation"
[root@TeguhServerSyslog /]# tail /var/log/messages
Feb  7 14:38:40 TeguhServerSyslog rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1008" x-info="http://www.rsyslog.com"] start
Feb  7 14:39:53 TeguhServerSyslog root: Teguh Triharto Corporation
Feb  7 14:40:48 TeguhServerSyslog root: Teguh Triharto Corporation
[root@TeguhServerSyslog /]#

On Client Rsyslog

[root@TeguhClientSyslog ~]# tail /var/log/messages
Feb  7 15:01:52 TeguhClientSyslog rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="5065" x-info="http://www.rsyslog.com"] start
Feb  7 15:01:52 TeguhClientSyslog systemd: Started System Logging Service.
Feb  7 15:07:44 TeguhServerSyslog root: Teguh Triharto Corporation
Feb  7 15:07:44 TeguhServerSyslog root: Teguh Triharto Corporation
[root@TeguhClientSyslog ~]#

4. On SyslogWatcher on Windows(CLient)

https://access.redhat.com/solutions/54363