Setup rsyslog


Intro

The steps below will configure a working rsyslog server. The steps assume that you have a (fresh) CentOS 7 server running.

MySQL installation

You can find how to install the MySQL database-server here: installing MySQL

Apache installation

You can find how to install the Apache webserver here: Installing Apache webserver

Download and install rsyslog

  • wget http://rpms.adiscon.com/v8-stable/rsyslog.repo --> download the rsyslog repository
  • mv rsyslog.repo /etc/yum.repos.d/ --> move the repo to the local repository
  • yum install rsyslog* --skip-broken --> install rsyslog
  • systemctl start rsyslog --> start the rsyslog server
  • systemctl enable rsyslog --> start the rsyslog server during boot

MySQL configuration

  • run the script /usr/share/doc/rsyslog-mysql-8.xx.x/createDB.sql on your MySQL-server. This will create the database for rsyslog.
  • create a user on your MySQL-server that's only allowed to access the new syslog database. (for example: grant all on Syslog.* to <user>@<host> identified by '<password>';)
  • reload rights on MySQL. (flush privileges;)

Firewall configuration

  • firewall-cmd --permanent --add-port=514/tcp --> allow port TCP/514 through firewall
  • firewall-cmd --permanent --add-port=514/udp --> allow port UDP/514 through firewall

Rsyslog configuration

  • nano /etc/rsyslog.conf --> edit the rsyslog configuration file
      add: module(load="ommysql") below: #### MODULES #### --> enable MySQL module
      uncomment: module(load="imudp") # needs to be done just once --> enable UDP
      uncomment: input(type="imudp" port="514") --> enable UDP
      uncomment: module(load="imtcp") # needs to be done just once --> enable TCP
      uncomment: input(type="imtcp" port="514") --> enable TCP
      add: *.* :ommysql:<host>,<databasename>,<user>,<password> below: ### begin forwarding rule ### --> forward entries to MySQL
  • systemctl restart rsyslog --> restart rsyslog with new configuration (tip: sometimes it only seems to work after a full reboot of the server.)
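
A check to run after the last step, as an added example that is not part of the original page: it confirms that the modules, inputs and forwarding rule from the Rsyslog configuration section are active (not commented out), and flags the file when it holds the cleartext MySQL password but is accessible to group or others. The function name audit_rsyslog_conf is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: audit_rsyslog_conf /etc/rsyslog.conf
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_rsyslog_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Keep active lines only: strip leading blanks, drop comment lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$conf")

    # Every module/input the page enables must appear on an active line.
    for want in \
        'module(load="ommysql")' \
        'module(load="imudp")' \
        'input(type="imudp" port="514")' \
        'module(load="imtcp")' \
        'input(type="imtcp" port="514")'
    do
        if ! printf '%s\n' "$active" | grep -Fq -- "$want"; then
            echo "MISSING: $want"
            rc=1
        fi
    done

    # Forwarding rule in the page's form: <selector> :ommysql:host,db,user,password
    if printf '%s\n' "$active" |
        grep -Eq '^[^[:space:]]+[[:space:]]+:ommysql:[^,]+,[^,]+,[^,]+,.+'; then
        # The rule embeds the database password, so group/other must have
        # no access. Columns 5-10 of the ls mode string are those bits.
        perms=$(ls -ldL -- "$conf" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS: $conf holds the MySQL password but is group/world accessible"
            rc=1
        fi
    else
        echo "MISSING: ommysql forwarding rule"
        rc=1
    fi
    return $rc
}
```

If the check reports PERMS, chmod 600 /etc/rsyslog.conf limits the stored password to the file's owner.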