
central log monitoring in linux

this took me quite some time to research and build. the configuration was simple, but for no obvious reason i was spending a lot of time getting this to work.

Section 1: infrastructure

my infrastructure looks something like the diagram below. you can configure any additional analysis/monitoring tools (splunk, for example) downstream of the central logging server.

Step 1: configuring the rsyslog server

Step 2: based on your choice of TCP/UDP input stream, choose your favourite text editor and edit the rsyslog.conf file (my distribution is ubuntu).

Step 3: if you wish to use udp, uncomment the udp section of the file and rsyslog will start listening on UDP (the tcp section works the same way).

Step 4: actually that's pretty much it. restart the rsyslog service and type 'netstat -ntlp4' if running TCP or 'netstat -nulp4' if running UDP; you should see something like the screenshot below.
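as an added example (my own, not the author's config), this is what the relevant part of an ubuntu rsyslog.conf looks like once the tcp input from steps 2 and 3 is enabled, plus one extra piece i would want on a central server: remote logs routed into per-host files instead of being mixed with the server's own /var/log. port 514, the /var/log/remote path and the ruleset name "remote" are assumptions; the syntax is rsyslog's rainerscript (v7 and later).

```conf
# /etc/rsyslog.conf on the central logging server (assumed path, rsyslog v7+)

# step 3: the shipped file has both input sections commented out; uncomment
# the pair for the transport you chose. tcp is the safer default: udp drops
# messages silently under load and gives the sender no delivery feedback.

# provides UDP syslog reception (left commented out in this example)
#module(load="imudp")
#input(type="imudp" port="514")

# added: one file per sending host and program, e.g.
# /var/log/remote/web01/sshd.log (path and ruleset name are assumptions).
# the ruleset must be defined before the input that references it.
template(name="RemoteLogs" type="string" string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
}

# provides TCP syslog reception (uncommented, bound to the "remote" ruleset
# so incoming messages never hit the local rules further down the file)
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# step 4: after 'systemctl restart rsyslog', 'netstat -ntlp4' should list
# rsyslogd listening on 0.0.0.0:514
```

only hosts that should be shipping logs need to reach port 514, so restrict it at the host firewall or security group rather than leaving it open to the whole network.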

*** end of section 1 ***


concept and design: harshdevX