Graylog Remote Source or Client or Host Configuration

Step 1:

Install rsyslog packages

yum install rsyslog



Step 2:

Configure rsyslog using a template: open the file and add the following at the bottom

vi /etc/rsyslog.conf

## For FQDN

$PreserveFQDN on

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log



## Graylog Log Template

$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %syslogtag%%msg%\n"


#Graylog Server With Port


*.* @172.17.20.100:5555;GRAYLOGRFC5424


Here:

*.* = all facilities
@ = UDP, @@ = TCP
172.17.20.100 = Graylog server
5555 = port
GRAYLOGRFC5424 = rsyslog template
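
To double-check a client's forwarding rules against the legend above, the following added example (not from the original post) lists every forwarding action in a legacy-format rsyslog.conf with its transport, target, port and template, and flags a template name that is never declared. `audit_forwards` is a hypothetical helper name, the sample config is constructed, and only plain `@host[:port][;TEMPLATE]` actions are handled.

```shell
#!/bin/sh
# audit_forwards FILE: list each forwarding action in a legacy-format rsyslog config as
#   selector transport host port template template-status
# (hypothetical helper name; plain @host[:port][;TEMPLATE] actions only)
audit_forwards() {
    awk '
    # Record every template declared as: $template NAME,"..."
    /^[ \t]*\$template[ \t]+/ { name = $2; sub(/,.*/, "", name); defined[name] = 1; next }
    # Skip comments and blank lines
    /^[ \t]*(#|$)/ { next }
    # Forwarding action: @ = UDP, @@ = TCP
    $2 ~ /^@/ {
        target = $2
        proto = (target ~ /^@@/) ? "tcp" : "udp"
        sub(/^@+/, "", target)
        tpl = "-"
        i = index(target, ";")
        if (i > 0) { tpl = substr(target, i + 1); target = substr(target, 1, i - 1) }
        port = "514"   # rsyslog default when the rule gives no port
        if (match(target, /:[0-9]+$/)) {
            port = substr(target, RSTART + 1)
            target = substr(target, 1, RSTART - 1)
        }
        n++
        sel[n] = $1; pr[n] = proto; host[n] = target; po[n] = port; tp[n] = tpl
    }
    # Report once the whole file has been read
    END {
        for (k = 1; k <= n; k++) {
            status = "n/a"
            if (tp[k] != "-") status = (tp[k] in defined) ? "defined" : "MISSING"
            printf "%s %s %s %s %s %s\n", sel[k], pr[k], host[k], po[k], tp[k], status
        }
    }' "$1"
}

# Constructed sample: the rule from this page plus a TCP rule naming an undeclared template
sample=$(mktemp)
cat > "$sample" <<'EOF'
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %syslogtag%%msg%\n"
authpriv.*  /var/log/secure
*.* @172.17.20.100:5555;GRAYLOGRFC5424
authpriv.* @@172.17.20.100;NOSUCHTEMPLATE
EOF
audit_forwards "$sample"
```

On the client, run it as `audit_forwards /etc/rsyslog.conf`; a `udp` entry means those messages cross the network unencrypted and without delivery guarantees.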
               



Step 3:

Restart rsyslog service

systemctl restart rsyslog

systemctl enable rsyslog

Step 4:

Log in to the Graylog server and check the Sources tab; the client host should appear there.



Graylog is a free, open source and powerful log management server.
