All the network devices, such as firewalls, routers, switches, or servers, save logs about their statuses and the occurred events. The small system’s generated logs are not very difficult to track. However, what about the extensive systems or networks? This is where the Syslog server comes up.
This is the most mature protocol and has been used for decades. It involves transporting messages (logs) from network devices to the server where logs are saved for review and management purposes. The Syslog server can either be a physical server or a virtual device, and in this article, we will go through all the steps required to set up the Syslog server.
How To Install the Syslog Server on CentOS 8
Syslog server named Rsyslog is an open-source system logging utility that comes pre-installed in CentOS 8. To use it, we will have to update the system’s packages using the following command:
Now, we will get the latest Syslog server (Rsylog) using the following command:
Once we hit enter, the terminal would ask us:
Once we press “y” and enter, the terminal will automatically download and install the required packages.
How To Configure the Syslog Server on CentOS 8
Syslog server needs to be configured after it has been installed to receive logs from the clients. This is a multi-step guide; you will be done in no time after using the following commands.
Step 1: To start receiving the logs using the TCP/UDP protocols, we need to enable them. The file named rsyslog.conf contains all the required configurations and permissions for UDP/TCP.
Using the following command, we will edit rsyslog.conf file using the built-in nano editor:
Hitting enter will open the file to be edited. Now, for the UDP, we will have to remove “#” to uncomment the following lines:
For the TCP, we will have to remove “#” to uncomment the following lines:
Now, press CTRL+S and then CTRL+X. The editor will exit.
Step 2: The Syslog server listens to port# 514, so you are to allow all connections to it using the following command to receive messages on the server:
Now, we have to reload the firewall to adapt changes using the following command:
Step 3: We have to restart and re-enable the rsylog by using the following commands:
And
Finally, you can get the list of messages by using the following command:
Conclusion
The Syslog server is widely used to receive and store the network logs from the network activity from the network devices like switches, routers or servers, etc. The Syslog server uses the package named “Syslog package” to get access to CentOS 8. This comprehensive guide provides you with all the necessary help to set up the Syslog server on CentOS 8. Configure it to receive the messages from clients, and you can get the messages.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
