This article describes how to configure remote logging between Linux servers, with specific reference to the information needed for the RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn’t matter which method you use to achieve the result, so long as the end product is correct.
- Configure a system to accept logging from a remote system
- Configure a system to log to a remote system
It is unlikely you will need to install or start the rsyslog process as it should already be installed on your system. In the event that t isn’t, it can be installed Yum repository using the following command.
# yum install rsyslog
Turn on the rsyslog service and make sure it starts automatically on reboot.
# service rsyslog start # chkconfig rsyslog on
The rsyslog service is configured using the “/etc/rsyslog.conf” file. Configuration changes have to be followed by a restart of the service.
# service rsyslog restart
The server acting as a recipient for remote logging must have the TCP and UDP port 514 open. This can be achieved by adding the following entry to the type of firewall script described here.
# Open port for NTP server. iptables -A INPUT -p tcp --dport 514 -j ACCEPT iptables -A INPUT -p udp --dport 514 -j ACCEPT
There are no specific SELinux requirements for configuration of remote logging in Linux.
More information on SELinux can be found here.
Configure a system to accept logging from a remote system
The server acting as a recipient of remote logging must be configured by un-commenting the following entries into the “/etc/rsyslog.conf” file.
$ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRUN 514
** Some resources list the modules with a “.so” suffix. On my Oracle Linux 6.3 installations, this suffix was not present.
Remember to restart the rsyslog service for the changes to take effect.
# service rsyslog restart
The server is now ready to accept remote logging messages.
Configure a system to log to a remote system
To make the local server log to a remote server, edit it the “/etc/rsyslog.conf” file on the local server, un-commenting the following line and amending it to the IP address or host name of the remote server. It will be the second-to-last line of the file.
Test the logging by issuing the following command on the local server.
# logger -p warn "Test Message"
The message should appear in both the local and the remote “/var/log/messages” files. The output below shows the latest entry in the “/var/log/messages” file on two machines. The RHCE1 machine is set up to receive remote logging. The RHCE2 machine is set up to log remotely and issued the test command shown above.
[root@rhce2 ~]# tail -1 /var/log/messages Jan 5 10:27:15 rhce2 root: Test Message [root@rhce2 ~]# [root@rhce1 ~]# tail -1 /var/log/messages Jan 5 10:27:15 rhce2 root: Test Message [root@rhce1 ~]#
Host level security is provided by the Linux firewall, as described previously.
For more information see:
Leave a comment