harshdevx.com | infotech & infosec articles | tutorials | analytics
central log monitoring in linux
this took me quite some time to research and build. the configuration was simple but for no reason i was spending a lot of time getting this to work.
Section 1: infrastructure
my infrastructure looks something like the diagram below. you can add any extra analysis/monitoring tools (splunk, for example) downstream of the central logging server.
Step 1: configuring the rsyslog server
Step 2: based on your choice of TCP/UDP input stream, choose your favourite text editor and edit the rsyslog.conf file (my distribution is ubuntu)
Step 3: if you wish to use udp, uncomment the udp sections and rsyslog will start to listen on UDP.
Step 4: actually that's pretty much it. restart the rsyslog service and type 'netstat -ntlp4' if running TCP or 'netstat -nulp4' if running UDP; you should see something like the screenshot below
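the steps above as written-out configuration, added here as an example and not the author's own rsyslog.conf: the server side enables both the udp and tcp listeners on 514 and writes what arrives into one directory per sending host, the client side forwards everything to the server. the file paths under /etc/rsyslog.d/ and the server address 192.0.2.10 are assumptions (ubuntu's rsyslog.conf includes /etc/rsyslog.d/*.conf by default; the address is a constructed placeholder).

```conf
# ---- server side: /etc/rsyslog.d/10-remote.conf (path is an assumption) ----

# the "uncomment the udp sections" step, written out for both transports.
# drop whichever one you do not use; each input is bound to the "remote"
# ruleset below so remote messages never mix with the server's own logs.
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# one directory per sending host, one file per program:
#   /var/log/remote/<hostname>/<programname>.log
template(name="RemoteLogs" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
}

# ---- client side: /etc/rsyslog.d/50-forward.conf (path is an assumption) ----

# forward every facility/priority to the central server.
# "@@" = tcp; use a single "@" for udp. 192.0.2.10 is a constructed
# placeholder for the log server's address.
*.* @@192.0.2.10:514
```

after restarting rsyslog on both ends, the netstat commands from Step 4 (or `ss -ntlp` / `ss -nulp` on newer systems) should show rsyslogd bound to 514, and `logger -n 192.0.2.10 -P 514 -T "test message"` run from a client should land in /var/log/remote/&lt;client&gt;/logger.log. plain syslog on 514 is neither authenticated nor encrypted, so restrict the port to your known senders with the host firewall, and if the logs cross an untrusted network use imtcp's TLS stream driver (gtls) rather than the bare listener.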
*** end of section 1 ***
Section 2: INCOMPLETE
concept and design: harshdevX