document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-02-03 23:40:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

translated

Browse Source
This commit is contained in:
geekpi 2019-10-24 08:51:07 +08:00
parent 80138109ff
commit b4239d29e2
2 changed files with 207 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
sources/tech/20191018 How to Configure Rsyslog Server in CentOS 8 - RHEL 8.md
View File

@ -1,210 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Configure Rsyslog Server in CentOS 8 / RHEL 8)
[#]: via: (https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/)
[#]: author: (James Kiarie https://www.linuxtechi.com/author/james/)
How to Configure Rsyslog Server in CentOS 8 / RHEL 8
======
**Rsyslog** is a free and opensource logging utility that exists by default on  **CentOS** 8 and **RHEL** 8 systems. It provides an easy and effective way of **centralizing logs** from client nodes to a single central server. The centralization of logs is beneficial in two ways. First,  it simplifies viewing of logs as the Systems administrator can view all the logs of remote servers from a central point without logging into every client system to check the logs. This is greatly beneficial if there are several servers that need to be monitored and secondly, in the event that a remote client suffers a crash, you need not worry about losing the logs because all the logs will be saved on the **central rsyslog server**. Rsyslog has replaced syslog which only supported **UDP** protocol. It extends the basic syslog protocol with superior features such as support for both **UDP** and **TCP** protocols in transporting logs, augmented filtering abilities, and flexible configuration options. That said, lets explore how to configure the Rsyslog server in CentOS 8 / RHEL 8 systems.
[![configure-rsyslog-centos8-rhel8][1]][2]
### Prerequisites
We are going to have the following lab setup to test the centralized logging process:
* **Rsyslog server**       CentOS 8 Minimal    IP address: 10.128.0.47
* **Client system**         RHEL 8 Minimal      IP address: 10.128.0.48
From the setup above, we will demonstrate how you can set up the Rsyslog server and later configure the client system to ship logs to the Rsyslog server for monitoring.
Lets get started!
### Configuring the Rsyslog Server on CentOS 8
By default, Rsyslog comes installed on CentOS 8 / RHEL 8 servers. To verify the status of Rsyslog, log in via SSH and issue the command:
```
$ systemctl status rsyslog
```
Sample Output
![rsyslog-service-status-centos8][1]
If rsyslog is not present for whatever reason, you can install it using the command:
```
$ sudo yum install rsyslog
```
Next, you need to modify a few settings in the Rsyslog configuration file. Open the configuration file.
```
$ sudo vim /etc/rsyslog.conf
```
Scroll and uncomment the lines shown below to allow reception of logs via UDP protocol
```
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
```
![rsyslog-conf-centos8-rhel8][1]
Similarly, if you prefer to enable TCP rsyslog reception uncomment the lines:
```
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
```
![rsyslog-conf-tcp-centos8-rhel8][1]
Save and exit the configuration file.
To receive the logs from the client system,  we need to open Rsyslog default port 514 on the firewall. To achieve this, run
```
# sudo firewall-cmd --add-port=514/tcp --zone=public --permanent
```
Next, reload the firewall to save the changes
```
# sudo firewall-cmd --reload
```
Sample Output
![firewall-ports-rsyslog-centos8][1]
Next, restart Rsyslog server
```
$ sudo systemctl restart rsyslog
```
To enable Rsyslog on boot, run beneath command
```
$ sudo systemctl enable rsyslog
```
To confirm that the Rsyslog server is listening on port 514, use the netstat command as follows:
```
$ sudo netstat -pnltu
```
Sample Output
![netstat-rsyslog-port-centos8][1]
Perfect! we have successfully configured our Rsyslog server to receive logs from the client system.
To view log messages in real-time run the command:
```
$ tail -f /var/log/messages
```
Lets now configure the client system.
### Configuring the client system on RHEL 8
Like the Rsyslog server, log in and check if the rsyslog daemon is running by issuing the command:
```
$ sudo systemctl status rsyslog
```
Sample Output
![client-rsyslog-service-rhel8][1]
Next, proceed to open the rsyslog configuration file
```
$ sudo vim /etc/rsyslog.conf
```
At the end of the file, append the following line
```
*.* @10.128.0.47:514 # Use @ for UDP protocol
*.* @@10.128.0.47:514 # Use @@ for TCP protocol
```
Save and exit the configuration file. Just like the Rsyslog Server, open port 514 which is the default Rsyslog port on the firewall
```
$ sudo firewall-cmd --add-port=514/tcp --zone=public --permanent
```
Next, reload the firewall to save the changes
```
$ sudo firewall-cmd --reload
```
Next,  restart the rsyslog service
```
$ sudo systemctl restart rsyslog
```
To enable Rsyslog on boot, run following command
```
$ sudo systemctl enable rsyslog
```
### Testing the logging operation
Having successfully set up and configured Rsyslog Server and client system, its time to verify of your configuration is working as intended.
On the client system issue the command:
```
# logger "Hello guys! This is our first log"
```
Now head out to the Rsyslog server and run the command below to check the logs messages in real-time
```
# tail -f /var/log/messages
```
The output from the command run on the client system should register on the Rsyslog servers log messages to imply that the  Rsyslog server is now receiving logs from the client system.
![centralize-logs-rsyslogs-centos8][1]
And thats it, guys! We have successfully setup the Rsyslog server to receive log messages from a client system.
Read Also: **[How to Setup Multi Node Elastic Stack Cluster on RHEL 8 / CentOS 8][3]**
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/
作者:[James Kiarie][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/james/
[b]: https://github.com/lujun9972
[1]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[2]: https://www.linuxtechi.com/wp-content/uploads/2019/10/configure-rsyslog-centos8-rhel8.jpg
[3]: https://www.linuxtechi.com/setup-multinode-elastic-stack-cluster-rhel8-centos8/

207
translated/tech/20191018 How to Configure Rsyslog Server in CentOS 8 - RHEL 8.md Normal file
View File

@ -0,0 +1,207 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Configure Rsyslog Server in CentOS 8 / RHEL 8)
[#]: via: (https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/)
[#]: author: (James Kiarie https://www.linuxtechi.com/author/james/)
如何在 CentOS 8 / RHEL 8 中配置 Rsyslog 服务器
======
**Rsyslog** 是一个免费的开源日志记录程序,默认下在 **CentOS** 8 和 **RHEL** 8 系统上存在。它提供了一种从客户端节点到单个中央服务器的“集中日志”的简单有效的方法。日志集中化有两个好处。首先,它简化了日志查看,因为系统管理员可以在一个中心节点查看远程服务器的所有日志,而无需登录每个客户端系统来检查日志。如果需要监视多台服务器,这将非常有用,其次,如果远程客户端崩溃,你不用担心丢失日志,因为所有日志都将保存在**中央 rsyslog 服务器上**。Rsyslog 取代了仅支持 **UDP** 协议的 syslog。它以优异的功能扩展了基本的 syslog 协议,例如在传输日志时支持 **UDP** 和 **TCP**协议,增强的过滤功能以及灵活的配置选项。让我们来探讨如何在 CentOS 8 / RHEL 8 系统中配置 Rsyslog 服务器。
[![configure-rsyslog-centos8-rhel8][1]][2]
### 预先条件
我们将搭建以下实验环境来测试集中式日志记录过程:
* **Rsyslog 服务器**       CentOS 8 Minimal    IP 地址: 10.128.0.47
* **客户端系统**         RHEL 8 Minimal      IP 地址: 10.128.0.48
通过上面的设置,我们将演示如何设置 Rsyslog 服务器,然后配置客户端系统以将日志发送到 Rsyslog 服务器进行监视。
让我们开始!
### 在 CentOS 8 上配置 Rsyslog 服务器
默认情况下Rsyslog 已安装在 CentOS 8 / RHEL 8 服务器上。要验证 Rsyslog 的状态,请通过 SSH 登录并运行以下命令:
```
$ systemctl status rsyslog
```
示例输出
![rsyslog-service-status-centos8][1]
如果由于某种原因不存在 rsyslog那么可以使用以下命令进行安装
```
$ sudo yum install rsyslog
```
接下来,你需要修改 Rsyslog 配置文件中的一些设置。打开配置文件。
```
$ sudo vim /etc/rsyslog.conf
```
滚动并取消注释下面的行,以允许通过 UDP 协议接收日志
```
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
```
![rsyslog-conf-centos8-rhel8][1]
同样,如果你希望启用 TCP rsyslog 接收,请取消注释下面的行:
```
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
```
![rsyslog-conf-tcp-centos8-rhel8][1]
保存并退出配置文件。
要从客户端系统接收日志,我们需要在防火墙上打开 Rsyslog 默认端口 514。为此请运行
```
# sudo firewall-cmd --add-port=514/tcp --zone=public --permanent
```
接下来,重新加载防火墙保存更改
```
# sudo firewall-cmd --reload
```
示例输出
![firewall-ports-rsyslog-centos8][1]
接下来,重启 Rsyslog 服务器
```
$ sudo systemctl restart rsyslog
```
要在启动时运行 Rsyslog运行以下命令
```
$ sudo systemctl enable rsyslog
```
要确认 Rsyslog 服务器正在监听 514 端口,请使用 netstat 命令,如下所示:
```
$ sudo netstat -pnltu
```
示例输出
![netstat-rsyslog-port-centos8][1]
完美!我们已经成功配置了 Rsyslog 服务器来从客户端系统接收日志。
要实时查看日志消息,请运行以下命令:
```
$ tail -f /var/log/messages
```
现在开始配置客户端系统。
### 在 RHEL 8 上配置客户端系统
与 Rsyslog 服务器一样,登录并通过以下命令检查 rsyslog 守护进程是否正在运行:
```
$ sudo systemctl status rsyslog
```
示例输出
![client-rsyslog-service-rhel8][1]
接下来,打开 rsyslog 配置文件
```
$ sudo vim /etc/rsyslog.conf
```
在文件末尾,添加以下行
```
*.* @10.128.0.47:514 # Use @ for UDP protocol
*.* @@10.128.0.47:514 # Use @@ for TCP protocol
```
保存并退出配置文件。就像 Rsyslog 服务器一样,打开 514 端口,这是防火墙上的默认 Rsyslog 端口。
```
$ sudo firewall-cmd --add-port=514/tcp --zone=public --permanent
```
接下来,重新加载防火墙以保存更改
```
$ sudo firewall-cmd --reload
```
接下来,重启 rsyslog 服务
```
$ sudo systemctl restart rsyslog
```
要在启动时运行 Rsyslog请运行以下命令
```
$ sudo systemctl enable rsyslog
```
### 测试日志记录操作
已经成功安装并配置 Rsyslog 服务器和客户端后,就该验证你的配置是否按预期运行了。
在客户端系统上,运行以下命令:
```
# logger "Hello guys! This is our first log"
```
现在进入 Rsyslog 服务器并运行以下命令来实时查看日志消息
```
# tail -f /var/log/messages
```
客户端系统上命令运行的输出显示在了 Rsyslog 服务器的日志中,这意味着 Rsyslog 服务器正在接收来自客户端系统的日志。
![centralize-logs-rsyslogs-centos8][1]
就是这些了!我们成功设置了 Rsyslog 服务器来接收来自客户端系统的日志信息。
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/configure-rsyslog-server-centos-8-rhel-8/
作者:[James Kiarie][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/james/
[b]: https://github.com/lujun9972
[1]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[2]: https://www.linuxtechi.com/wp-content/uploads/2019/10/configure-rsyslog-centos8-rhel8.jpg