Changes between Version 2 and Version 3 of Csle2022/Agenda/rSyslog

Timestamp:

Oct 27, 2022, 4:35:28 PM (3 years ago)

Author:

dushmantha

Comment:

--

Csle2022/Agenda/rSyslog

@@ -12 +12 @@
 
 A wired internet connection is preferred.
+
+'''Virtual Machine (VM) Setup'''
+
+Download VM from the following Link.
+
+​https://docs.learn.ac.lk/index.php/s/YcojJ2544b40Zw4
+
+Import the VM to Virtualbox.[[BR]]
+
+Username and Password: docker[[BR]]
+
+May have to create Virtualbox Host-Only Network Adapter[[BR]]
+
+{{{
+File > Host Network Manager > Create
+}}}
+
+Test internet connectivity.[[BR]]
+
+Login using PuTTY.
+
+
+
+'''Setup Network''' 
+
+'''Rsyslog Server Setup''' 
+
+Login to the VM as root user using PuTTY. 
+
+Uncomment the following lines in /etc/rsyslog.conf.
+
+{{{
+module(load="imudp")
+input(type="imudp" port="514")
+module(load="imtcp")
+input(type="imtcp" port="514")
+}}}
+
+
+Add the following lines to /etc/rsyslog.conf after the above last line. 192.168.56.0/24 is the rsyslog clients’ network. Replace it as needed.
+
+{{{
+AllowedSender TCP, 127.0.0.1, 192.168.56.0/24
+$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
+*.* ?remote-incoming-logs
+& ~
+}}}
+
+Restart rsyslog service
+
+{{{
+systemctl restart rsyslog
+}}}
+
+'''In Rsyslog Server Clients'''
+
+Append the following to /etc/rsyslog.conf.  Replace 192.168.56.10 with the log server IP address.
+
+{{{
+$PreserveFQDN on
+*.* @192.168.56.10:514
+$ActionQueueFileName queue
+$ActionQueueMaxDiskSpace 1g
+$ActionQueueSaveOnShutdown on
+$ActionQueueType LinkedList
+$ActionResumeRetryCount -1
+}}}
+
+Restart rsyslog service
+
+{{{
+systemctl restart rsyslog
+}}}