Old 07-12-2012, 04:37 PM   #1
LQ Newbie
Registered: Jul 2012
Posts: 4

Setting up Central Syslog Server Using RHEL 5.8 and rsyslog

Hello, guys. I'm fairly inexperienced with Linux, and have almost no experience with Linux servers. I've been tasked with setting up a central syslog machine for a proof of concept. The requirements are as follows:

- Server is running RHEL 5.8
- Syslog daemon is rsyslog
- Multiple devices will send syslog messages to the server via UDP 514
- Incoming syslog messages should be stored in the filesystem in the following format:
  - a new log file should be created for each hour
  - the date format should preferably be YYYY-MM-DD and the hour should be in a 24 hour format

I've figured out that the config needs to be stored in /etc/rsyslog.conf and that I'm going to need to use a template. I've scoured the internet for a step by step guide for doing this and I haven't found anything that matches both rsyslog and RHEL - there are plenty for Debian and/or syslog-ng.

Thanks for any help or pointers!
Old 07-12-2012, 05:03 PM   #2
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

The reason why you see so many for RHEL/syslog-ng is because it was the standard until partway through the Red Hat 5 family, when rsyslog started to come in. If you follow the syslog-ng tutorials you will get where you want to go; all you will need to do is modify your steps to match the rsyslog config file locations and syntax.

I have set up an rsyslog central server, but since it is for my company I cannot provide details on the setup steps. If you have questions along the way about config syntax, or specific directives or steps, I'll be happy to help out.
Old 07-12-2012, 05:44 PM   #3
LQ Newbie
Registered: Jul 2012
Posts: 4

Original Poster
Thanks for the response.

Lines in /etc/rsyslog.conf are:

$ModLoad imklog
$ModLoad imuxsock
$Modload imudp
$UDPServerRun 514

I believe I'm mainly having issues with getting the template set up. This is what I have so far:

$template FILENAME,"/path/%HOSTNAME%/%YEAR%/%DATE%-%HOSTNAME%-syslog.log"

I'm not sure if the date will be in YYYY-MM-DD format, or how to get the hour into the filename. Obviously there will also need to be a new log generated every hour.

Also, after the template, there's this entry:

Old 07-12-2012, 06:10 PM   #4
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Well, basically you tell rsyslog what type of events to log and to where, then you can forward your logs at the bottom of the conf file to a remote host.

You can use bash expansion with $(date %h-%d-%y) or however you want to set it, into the file name itself.
You can then add the following into the forwarding rule section:

 *.* @
Replace the with your IP and the 80 with the port. Looks like 514 in this case.
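
An added example, not part of any post in this thread: one way to get a per-sender, per-hour file named YYYY-MM-DD-HH on the receiving server, using rsyslog's own time properties inside the template. The template name `HourlyFile` and the `/var/log/remote` path are placeholders, and it assumes an rsyslog build that provides the `fromhost-ip` property and legacy-format property filters.

```conf
# Constructed example for a central receiver; the path and template name are placeholders.

# Receive syslog over UDP 514 (the same two directives as in the thread).
$ModLoad imudp
$UDPServerRun 514

# Weak form: %HOSTNAME% is copied from the message itself, so over UDP any
# sender chooses the directory name its messages land in.
#$template HourlyFile,"/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"

# Hardened form: %FROMHOST-IP% is the packet source address as the receiver
# saw it, always an IP literal, so it cannot carry path characters.
# %$YEAR%, %$MONTH%, %$DAY% and %$HOUR% come from the receiver's clock at
# processing time: YYYY-MM-DD plus a two-digit 24-hour value,
# for example 2012-07-12-17.log.
$template HourlyFile,"/var/log/remote/%FROMHOST-IP%/%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"

# Dynamic-file action: the "?" prefix names a template that yields the file
# path, so a new file starts whenever the hour (or the sender) changes.
# Only messages that did not originate locally go to the per-host tree.
:fromhost-ip, !isequal, "127.0.0.1" ?HourlyFile

# Stop processing those messages so they do not also reach the local rules.
& ~
```

These rules belong above the local logging rules in /etc/rsyslog.conf, because the discard action only affects rules that come after it.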

