Install and configure Rsyslog client on Ubuntu 13.04/12.10 Debian

Install and configure Rsyslog client on Ubuntu 13.04/12.10 Debian 

ubuntu

Step 1: Install rsyslog client on Ubuntu

root@ubuntu:~# apt-get install rsyslog
Reading package lists… Done
Building dependency tree
Reading state information… Done
rsyslog is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 22 not upgraded.

Step 2:  Configure rsyslog.conf to forward logs to Syslog Server.

root@ubuntu:~# nano /etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
*.* @@192.168.0.123
#################
#### MODULES ####
#################$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides –MARK– message capability# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
############################
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat# Filter duplicated messages
$RepeatedMsgReduction on#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

root@ubuntu:~#

Step 3: Restart rsyslog service

root@ubuntu:~# /etc/init.d/rsyslog restart
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service rsyslog restartSince the script you are attempting to invoke has been converted to an
Upstart job, you may also use the stop(8) and then start(8) utilities,
e.g. stop rsyslog ; start rsyslog. The restart(8) utility is also available.
rsyslog stop/waiting
rsyslog start/running, process 4530
root@ubuntu:~#

That’s all. Thanks for using IThelpblog.com.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>