
Configure remote logging

Hands-On Lab

 

Michael Christian

Course Development Director in Content

Length

01:00:00

Difficulty

Intermediate

In this hands-on lab, you will configure remote logging from one server to another. The goal is to gain experience setting up logging between servers: you will configure Server1 as the log host for Server2.

Solution

Start by logging in to the lab servers using the credentials provided on the hands-on lab page:

ssh cloud_user@PUBLIC_IP_ADDRESS

Become the root user:

sudo su -

Be sure to log in to both Server1 and Server2 in separate tabs or windows.

Configure Server1 to receive logs

  1. Server1 needs to be configured to receive logs via TCP. Open the rsyslog configuration file:

    vim /etc/rsyslog.conf
  2. Uncomment the following two lines within the # Provides TCP syslog reception section:

    $ModLoad imtcp
    $InputTCPServerRun 514
  3. Then, under the line starting with local7.* at the bottom of the file, add the following:

    $template DynFile,"/var/log/hosts/system-%HOSTNAME%.log"
    *.* -?DynFile
  4. Save and close the file:

    :wq
  5. Restart the rsyslog service.

    systemctl restart rsyslog
  6. Verify the host is listening on port 514.

    ss -lntp
  7. Open the firewall to permanently permit incoming traffic on TCP port 514 and reload it.

    firewall-cmd --permanent --add-port=514/tcp && firewall-cmd --reload

Configure Server2 to send logs to Server1

  1. Verify Server2 can connect to Server1 over TCP port 514.

  2. On Server2, modify the /etc/rsyslog.conf file.

    vim /etc/rsyslog.conf
  3. Uncomment the following lines in the ### begin forwarding rule ### section:

    $ActionQueueFileName fwdRule1 # unique name prefix for spool files
    $ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
    $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    $ActionQueueType LinkedList   # run asynchronously
    $ActionResumeRetryCount -1    # infinite retries if host is down
  4. Uncomment the following line and edit it as follows (the double @@ forwards over TCP; a single @ would forward over UDP):

    *.* @@10.0.1.10:514
  5. Restart the rsyslog service.

    systemctl restart rsyslog

Verify logs are being sent to Server1

  1. On Server1, verify the /var/log/hosts directory was created and is being populated.

    ll /var/log/hosts
  2. Use tail on the /var/log/hosts/system-ip-10-0-1-11.log file to see entries from Server2.

    tail -f /var/log/hosts/system-ip-10-0-1-11.log
  3. You can use the logger command to add entries to the log. On Server2, enter the following command 3 times:

    logger "THIS IS A TEST"
  4. Verify these entries are showing up in the log file on Server1.
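
When no entries arrive, the cause is usually visible in the two rsyslog.conf files. The following lint checks them for the edits made above. It is an added example, not part of the original lab; the function names (check_receiver, check_forwarder) and the sample files are constructed for illustration, and 10.0.1.10 is the log host address used in the forwarding rule.

```shell
# Added example, not part of the lab: lint rsyslog.conf for the settings used above.
active_lines() { sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"; }  # drop comments, blanks
has() { active_lines "$1" | grep -Eq -- "$2"; }   # has FILE ERE: does an active line match?
# Server1 role: returns 0 when TCP reception on 514 and the per-host DynFile rule are active.
check_receiver() {
    bad=0
    has "$1" '^\$ModLoad[[:space:]]+imtcp$'         || { echo "imtcp not loaded" >&2; bad=1; }
    has "$1" '^\$InputTCPServerRun[[:space:]]+514$' || { echo "no TCP listener on 514" >&2; bad=1; }
    has "$1" '^\$template[[:space:]]+DynFile,'      || { echo "DynFile template missing" >&2; bad=1; }
    has "$1" '^\*\.\*[[:space:]]+-?\?DynFile$'      || { echo "no rule using DynFile" >&2; bad=1; }
    return "$bad"
}

# Server2 role: 0 = TCP rule to HOST:514 with disk queue, 1 = no forwarding rule,
# 2 = rule uses UDP (single @), 3 = TCP rule present but queue/retry lines still commented.
check_forwarder() {
    host=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for use in the ERE
    if has "$1" "^\*\.\*[[:space:]]+@@${host}:514\$"; then
        has "$1" '^\$ActionQueueType[[:space:]]+LinkedList$' &&
            has "$1" '^\$ActionQueueFileName[[:space:]]+[^[:space:]]+$' &&
            has "$1" '^\$ActionResumeRetryCount[[:space:]]+-1$' && return 0
        echo "messages will not be spooled while the log host is down" >&2; return 3
    elif has "$1" "^\*\.\*[[:space:]]+@${host}(:514)?\$"; then
        echo "single @ forwards over UDP; the log host listens on TCP only" >&2; return 2
    fi
    echo "no active forwarding rule for $2" >&2; return 1
}

# Constructed sample files mirroring the lab's edits (not real lab output).
write_samples() {
    cat > "$1/server1.conf" <<'EOF'
$ModLoad imtcp
$InputTCPServerRun 514
$template DynFile,"/var/log/hosts/system-%HOSTNAME%.log"
*.* -?DynFile
EOF
    cat > "$1/server2.conf" <<'EOF'
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
*.* @@10.0.1.10:514
EOF
    sed 's/@@/@/' "$1/server2.conf" > "$1/server2-udp.conf"                    # wrong transport
    sed 's/^\$Action/#$Action/' "$1/server2.conf" > "$1/server2-noqueue.conf"  # queue left commented
}

d=$(mktemp -d) && write_samples "$d"
check_receiver "$d/server1.conf" && echo "server1.conf: OK"
check_forwarder "$d/server2-udp.conf" 10.0.1.10 || echo "server2-udp.conf: rc=$?"
rm -rf "$d"
```

On the lab servers, the same functions can be pointed at /etc/rsyslog.conf on each host after the edits are saved.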

Conclusion

Congratulations, you've completed this hands-on lab!