Setup rsyslog
Intro
The steps below will configure a working rsyslog server. The steps assume that you have a (fresh) CentOS 7 server running.
MySQL installation
You can find how to install the MySQL database-server here: installing MySQL
Apache installation
You can find how to install the Apache webserver here: Installing Apache webserver
Download and install rsyslog
- wget http://rpms.adiscon.com/v8-stable/rsyslog.repo --> download the rsyslog repository
- mv rsyslog.repo /etc/yum.repos.d/ --> move the repo to the local repository
- yum install rsyslog* --skip-broken --> install rsyslog
- systemctl start rsyslog --> start the rsyslog server
- systemctl enable rsyslog --> start the rsyslog server during boot
MySQL configuration
- run the script /usr/share/doc/rsyslog-mysql-8.xx.x/createDB.sql on your MySQL-server. This will create the database for rsyslog.
- create a user on your MySQL-server that's only allowed to access the new syslog database. (for example: grant all on Syslog.* to <user>@<host> identified by '<password>';)
- reload rights on MySQL. (flush privileges;)
rsyslog configuration
- nano /etc/rsyslog.conf --> edit the rsyslog configuration file
  add: module(load="ommysql") below: #### MODULES #### --> enable MySQL module
  uncomment: module(load="imudp") # needs to be done just once --> enable UDP
  uncomment: input(type="imudp" port="514") --> enable UDP
  uncomment: module(load="imtcp") # needs to be done just once --> enable TCP
  uncomment: input(type="imtcp" port="514") --> enable TCP
  add: *.* :ommysql:<host>,<databasename>,<user>,<password> below: ### begin forwarding rule ### --> forward entries to MySQL
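A quick check for the edits above, as an added example that is not part of the original wiki page: the shell function reports any listed line that is missing or still commented out, leftover <placeholder> values, and a world-readable config file (the forwarding rule stores the MySQL password in clear text). The function names and the decision to flag other-readable permissions are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): check an rsyslog.conf against
# the edits listed above. Function and variable names are this example's own.

# has_active LINE_REGEX FILE: true if an uncommented line matches the regex
has_active() {
    grep -Eq "^[[:space:]]*$1" "$2"
}

# check_rsyslog_conf FILE: print one line per finding, return the finding count
check_rsyslog_conf() {
    conf=$1
    problems=0
    rule='\*\.\*[[:space:]]+:ommysql:'

    # Each entry is an extended regex for one line the page says to add or uncomment
    for want in \
        'module\(load="ommysql"\)' \
        'module\(load="imudp"\)' \
        'input\(type="imudp" port="514"\)' \
        'module\(load="imtcp"\)' \
        'input\(type="imtcp" port="514"\)' \
        "$rule"
    do
        if ! has_active "$want" "$conf"; then
            echo "missing or commented out: $want"
            problems=$((problems + 1))
        fi
    done

    # The template placeholders must have been replaced with real values
    if has_active "$rule.*<(host|databasename|user|password)>" "$conf"; then
        echo "forwarding rule still contains <placeholder> values"
        problems=$((problems + 1))
    fi

    # The forwarding rule stores the MySQL password in clear text, so the file
    # should not be readable by "other" (assumption: chmod 600 is acceptable)
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "$conf is world-readable and contains the database password"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Call it as `check_rsyslog_conf /etc/rsyslog.conf` after editing; a return status of 0 means every check passed.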
Firewall configuration
- firewall-cmd --permanent --add-port=514/tcp --> allow port TCP/514 through firewall
- firewall-cmd --permanent --add-port=514/udp --> allow port UDP/514 through firewall