
SSL#

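In this tutorial, we will configure the server to receive logs from all clients. Note that the configurations shown below transport logs over plain UDP or plain TCP; no TLS settings appear on this page, so messages cross the network unencrypted and the sender is not authenticated.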

graph LR; A(client); B("server - 192.168.1.10"); %% Links A-->B; %% color style A fill:#FFC573 style B fill:#81B4E6

Server Configuration#

  • 10-server.conf
# UDP listener: accepts syslog datagrams from any sender that can reach the port.
# UDP syslog is unencrypted and unauthenticated, and the source address of a
# datagram can be forged, so limit who can reach this port at the network level.
$ModLoad      imudp # Load the UDP input module
$UDPServerRun 514   # Listen for syslog datagrams on UDP port 514
# TCP listener: accepts syslog connections from any client that can reach the port.
# No TLS stream driver is configured in this snippet, so connections are plain
# TCP: messages are readable on the wire and clients are not authenticated.
$ModLoad           imtcp # Load the TCP input module
$InputTCPServerRun 514   # Listen for syslog connections on TCP port 514
  • 11-log-router.conf
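    #
    # Route received syslog messages into per-application and per-host files.
    #
    # SECURITY: %HOSTNAME% and %PROGRAMNAME% are taken from the received message,
    # so the sender chooses their value. They are used below to build file paths,
    # therefore every template applies the "secpath-replace" property option,
    # which replaces "/" in the value with "_" so that a crafted name cannot add
    # path components. For names without a slash the resulting path is unchanged.
    # A sender can still claim another host's name; if per-sender separation
    # matters, consider keying the directory on %fromhost-ip% instead
    # (NOTE(review): with UDP transport the source address can be forged as well).
    #
    
    #
    # Set the default permissions for all log files.
    # NOTE(review): left commented out as in the original. Confirm that the main
    # rsyslog.conf sets equivalent values; otherwise the auth logs created by the
    # rules below get rsyslog's built-in default file mode.
    #
    # $Umask 0022
    # $FileOwner root
    # $FileGroup adm
    # $FileCreateMode 0640
    # $DirOwner root
    # $DirGroup adm
    # $DirCreateMode 0755
    
    # Per-application file, one directory per program name and day.
    $template PerAppLog,"/var/log/apps/%PROGRAMNAME:::secpath-replace%/%$YEAR%/%$MONTH%/%$DAY%/app.log"
    # Output format that writes the message exactly as it was received.
    $template rawFormat,"%rawmsg%\n"
    
    # Per-host files, one directory per day and reported hostname.
    $template PerHostAuth,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/auth.log"
    $template PerHostCron,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/cron.log"
    $template PerHostSyslog,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/syslog"
    $template PerHostDaemon,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/daemon.log"
    $template PerHostKern,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/kern.log"
    $template PerHostLpr,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/lpr.log"
    $template PerHostUser,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/user.log"
    $template PerHostMail,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/mail.log"
    $template PerHostMailInfo,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/mail.info"
    $template PerHostMailWarn,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/mail.warn"
    $template PerHostMailErr,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/mail.err"
    $template PerHostNewsCrit,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/news.crit"
    $template PerHostNewsErr,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/news.err"
    $template PerHostNewsNotice,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/news.notice"
    $template PerHostDebug,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/debug"
    $template PerHostMessages,"/var/log/host/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/messages"
    
    # Messages whose program name starts with "app_" go to the per-application
    # file in raw format and are then discarded, so no per-host rule sees them.
    # Only the "app_" prefix is checked; the rest of the name is sender-supplied.
    if $programname startswith "app_" then {
        *.* -?PerAppLog;rawFormat
        *.* stop
    }
    
    # Per-host rules. "?" selects a dynamic file named by the template; a leading
    # "-" turns off syncing the file after each write.
    auth,authpriv.*         ?PerHostAuth
    *.*;auth,authpriv.none  -?PerHostSyslog
    cron.*                  ?PerHostCron
    daemon.*                -?PerHostDaemon
    kern.*                  -?PerHostKern
    lpr.*                   -?PerHostLpr
    mail.*                  -?PerHostMail
    user.*                  -?PerHostUser
    
    # Mail messages split by severity, in addition to mail.log above.
    mail.info               -?PerHostMailInfo
    mail.warn               ?PerHostMailWarn
    mail.err                ?PerHostMailErr
    
    # News messages split by severity.
    news.crit               ?PerHostNewsCrit
    news.err                ?PerHostNewsErr
    news.notice             -?PerHostNewsNotice
    
    # Debug-severity messages only, excluding auth, news and mail.
    *.=debug;\
      auth,authpriv.none;\
      news.none;mail.none   -?PerHostDebug
    
    # Info, notice and warn messages, excluding auth, cron, daemon, mail and news.
    *.=info;*.=notice;*.=warn;\
      auth,authpriv.none;\
      cron,daemon.none;\
      mail,news.none        -?PerHostMessages
    
    #
    # Stop processing of all non-local messages. You can process remote messages
    # on levels less than 35.
    # NOTE(review): "levels" presumably refers to the numeric prefix of the
    # configuration file names in the include directory - confirm.
    #
    :fromhost-ip,!isequal,"127.0.0.1" stop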
    

Client Configuration#

# Queue settings for the forwarding action defined at the end of this snippet.
# NOTE(review): the spool files named below are written to rsyslog's work
# directory, which is not set in this snippet - confirm it is configured.
$ActionQueueType           LinkedList # use asynchronous processing
$ActionQueueFileName       srvrfwd01  # name prefix for the queue's spool files on disk
$ActionResumeRetryCount    -1         # infinite retries on insert failure
$ActionQueueSaveOnShutdown on         # save in-memory data if rsyslog shuts down
$ActionQueueMaxDiskSpace   1G         # Don't use more than this much space for the queue

# Forward every message to the server over UDP (single "@"). The messages are
# sent in clear text and UDP gives no confirmation that they were delivered.
*.* @192.168.1.10:514
# Queue settings for the forwarding action defined at the end of this snippet.
# NOTE(review): the spool files named below are written to rsyslog's work
# directory, which is not set in this snippet - confirm it is configured.
$ActionQueueType           LinkedList # use asynchronous processing
$ActionQueueFileName       srvrfwd01  # name prefix for the queue's spool files on disk
$ActionResumeRetryCount    -1         # infinite retries on insert failure
$ActionQueueSaveOnShutdown on         # save in-memory data if rsyslog shuts down
$ActionQueueMaxDiskSpace   1G         # Don't use more than this much space for the queue

# Forward every message to the server over TCP (double "@@"). No TLS stream
# driver is configured in this snippet, so the messages are sent in clear text
# and the server's identity is not verified.
*.* @@192.168.1.10:514

Test config#

# Check the configuration for errors without starting the daemon
# (-N 1 runs a config check at level 1, -f names the configuration file to check).
rsyslogd -N 1 -f /etc/rsyslog.conf

Restart service#

# Restart rsyslog so that the changed configuration is loaded.
service rsyslog restart