
Configure Rsyslog client to send local logs to remote Rsyslog Server

This video shows how to quickly configure Rsyslog as a client and a server on CentOS 7. Rsyslog can be configured as a central log storage server that receives remote syslog messages.

Configuration steps are recorded in my post: https://blog.51sec.org/2019/11/rsyslog-client-and-server-configuration.html

Commands are listed here as well:
[root@rsyslog-server1 ~]# sudo yum update && yum install rsyslog
[root@rsyslog-server1 ~]# systemctl start rsyslog
[root@rsyslog-server1 ~]# systemctl enable rsyslog
[root@rsyslog-server1 ~]# systemctl status rsyslog
[root@rsyslog-server1 ~]# setenforce Permissive
[root@rsyslog-server1 ~]# systemctl disable firewalld
[root@rsyslog-server1 ~]# systemctl stop firewalld
[root@rsyslog-server1 ~]# vim /etc/rsyslog.conf

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

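# Write each message to /var/log/<hostname>/<program>.log
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
# Discard the message after writing it, so later rules do not log it again
& ~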

[root@rsyslog-server1 ~]# systemctl restart rsyslog
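
The commands above cover only the server. As an added example (not from the original post or video), this script writes the matching client-side forwarding rule and sends a test message that should land in the server's per-host directory. The drop-in name 90-forward.conf, the function name and the `apply` argument are assumptions; the queue directives are rsyslog's legacy-format forwarding settings.

```bash
# Added example: client-side forwarding for the server configured above.
# Assumed names (not from the page): 90-forward.conf, write_forward_conf, "apply".

# Usage: write_forward_conf <server> [tcp|udp] [conf_dir]
write_forward_conf() {
    server="$1"; proto="${2:-tcp}"; conf_dir="${3:-/etc/rsyslog.d}"
    case "$proto" in
        tcp) prefix='@@' ;;   # @@ = TCP, pairs with $InputTCPServerRun 514
        udp) prefix='@'  ;;   # @  = UDP, pairs with $UDPServerRun 514
        *)   echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    # Accept only host-name/IPv4 characters so a bad argument cannot
    # smuggle extra directives into the config file.
    case "$server" in
        ''|*[!A-Za-z0-9.-]*) echo "bad server name" >&2; return 2 ;;
    esac
    cat > "$conf_dir/90-forward.conf" <<EOF
# Spool to disk while the log server is unreachable, then resend.
\$ActionQueueFileName fwdRule1
\$ActionQueueMaxDiskSpace 1g
\$ActionQueueSaveOnShutdown on
\$ActionQueueType LinkedList
\$ActionResumeRetryCount -1
*.* ${prefix}${server}:514
EOF
}

# Runs only when invoked as: ./forward.sh apply <server> [tcp|udp]
if [ "${1:-}" = "apply" ]; then
    write_forward_conf "$2" "${3:-tcp}" || exit 1
    rsyslogd -N1 || exit 1        # syntax-check the config before restarting
    systemctl restart rsyslog
    logger -t fwdtest "forwarding test"
    echo "On the server, look for /var/log/<client hostname>/fwdtest.log"
fi
```

The `fwdtest` tag becomes `%PROGRAMNAME%` in the server's `RemoteLogs` template, which is why the test message ends up in its own `fwdtest.log` file.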


by NetSec
