How to configure remote log servers with rsyslog?

👤 admin
📅 Created: 14 Feb 2021 at 12:39

Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network. It implements the basic syslog protocol and extends it with content-based filtering, rich filtering capabilities, queued operations to handle offline outputs,[2] support for different module outputs,[3] and flexible configuration options, and adds features such as using TCP for transport.

Configuration:


pico /etc/rsyslog.conf

Uncomment

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

Add


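#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# One file per switch. == matches a single address exactly;
# startswith '10.20.26.5' would also match 10.20.26.50-59.
if $fromhost-ip == '10.20.26.5' then /var/log/switch-10-20-26-5.log
if $fromhost-ip == '10.20.6.12' then /var/log/switch-10-20-6-12.log
# Everything from 10.20.x.x, including the two switches above, also goes here.
if $fromhost-ip startswith '10.20.' then /var/log/switches.log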

Restart


/etc/init.d/rsyslog restart
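rsyslog's startswith is a plain string-prefix test on $fromhost-ip, so a per-switch filter written as a bare host address also catches neighbouring addresses. The following Python sketch is an added example, not part of the original post: it emulates the three source filters from this page with each one written as a startswith prefix, compares them with address-based matching, and uses constructed sample source addresses.

```python
import ipaddress

# The three destinations from this page, each keyed by the string handed to startswith.
PREFIX_RULES = [
    ("10.20.26.5", "/var/log/switch-10-20-26-5.log"),
    ("10.20.6.12", "/var/log/switch-10-20-6-12.log"),
    ("10.20.", "/var/log/switches.log"),
]

def route_startswith(src_ip, rules=PREFIX_RULES):
    """Files a message from src_ip is written to under string-prefix matching.
    Every matching rule fires, because none of the rules ends with `stop`."""
    return [path for prefix, path in rules if src_ip.startswith(prefix)]

def to_network(prefix):
    """Read a rule string as the range the admin meant (assumption of this example):
    four octets -> one host (/32); fewer octets -> that many leading octets."""
    octets = [o for o in prefix.split(".") if o]
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def route_strict(src_ip, rules=PREFIX_RULES):
    """Same rules, compared as IP addresses instead of strings."""
    addr = ipaddress.ip_address(src_ip)
    return [path for prefix, path in rules if addr in to_network(prefix)]

def unintended_matches(candidates, rules=PREFIX_RULES):
    """Sources that string-prefix matching sends to files address matching would not."""
    result = {}
    for ip in candidates:
        extra = sorted(set(route_startswith(ip, rules)) - set(route_strict(ip, rules)))
        if extra:
            result[ip] = extra
    return result

# Constructed sample source addresses (not taken from real logs).
SAMPLE_SOURCES = ["10.20.26.5", "10.20.26.50", "10.20.26.57", "10.20.6.12",
                  "10.20.6.120", "10.20.99.1", "10.200.1.1", "192.168.1.1"]

if __name__ == "__main__":
    for ip in SAMPLE_SOURCES:
        print(f"{ip:<13} startswith -> {route_startswith(ip)}")
    print("unintended:", unintended_matches(SAMPLE_SOURCES))
```

The trailing dot in '10.20.' is what keeps 10.200.1.1 out of switches.log; a full host address has no such terminator, so an exact comparison with == is the safe form for single hosts.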

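Configure the remote switch (for example a Cisco SG300, a Cisco 2960 or another model) with the log server set to the IP of your Linux machine, UDP port 514, facility Local 7, a description if you like, and minimum severity Notice.

If you want to access the logs with Apache, give the web server read access. This command makes everything under /var/log/ readable by all local users, not only the switch logs: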


chmod -R go+rX /var/log/

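Here is a simple PHP script for Apache, saved as /var/www/html/log.php:


<?php
// Read the log newest-first; the command string is fixed, so no user input reaches the shell.
$output = shell_exec('tac /var/log/switches.log');
// Syslog messages arrive from the network, so escape them before placing them in HTML.
echo '<pre>' . htmlspecialchars((string) $output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
?>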