Rsyslog Lab
In this lab, you will set up an rsyslog server for syslog aggregation.
Requirements:
Participants are requested to have a computer running Windows 8/10/11 (8GB RAM, 25GB free disk space) with the VirtualBox hypervisor (version 6 or higher) and PuTTY installed.
In VirtualBox, the 'Extension pack' should be installed.
A wired internet connection is preferred.
Virtual Machine (VM) Setup
Download the VM from the following link.
https://docs.learn.ac.lk/index.php/s/YcojJ2544b40Zw4
Import the VM into VirtualBox.
Username and Password: docker
You may have to create a VirtualBox Host-Only Network Adapter:
File > Host Network Manager > Create
Test internet connectivity.
Log in to the VM as the root user using PuTTY.
Setup Network
Connect all VMs to 'Internal Network'.
Settings > Network > Adapter 3
Find the 'Internal Network' network interface.
ip add
Edit network configuration.
vi /etc/netplan/00-installer-config.yaml
enp0s9:
  addresses: [10.1.1.1/24]
Repeat the above steps on each machine accordingly and test the network connectivity.
Rsyslog Server Setup
Uncomment the following lines in /etc/rsyslog.conf.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
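Add the following lines to /etc/rsyslog.conf after the last of the lines above. 192.168.56.0/24 is the rsyslog clients' network; replace it as needed.
# Allowed TCP senders: localhost and the client network (this list does not cover UDP)
$AllowedSender TCP, 127.0.0.1, 192.168.56.0/24
# Write each remote host's messages to /var/log/<hostname>/<program>.log
$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
# Discard the message after writing it so it is not processed by later rules
& ~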
Restart the rsyslog service.
systemctl restart rsyslog
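The server settings above open both a UDP and a TCP listener but list allowed senders for TCP only. The following check is an added example, not part of the original lab: it reads a configuration and reports listeners that have no $AllowedSender list. The function names are hypothetical, the sample configuration is constructed from the lab's settings, and the matching is a simplified model that handles IP and CIDR entries only.

```python
import ipaddress
import re

# Constructed sample: the lab's server settings, one directive per line.
SAMPLE_CONF = """\
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
$AllowedSender TCP, 127.0.0.1, 192.168.56.0/24
"""

def parse(conf):
    """Return (listening protocols, {protocol: [allowed networks]})."""
    listeners, acl = set(), {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # ignore comments
        m = re.match(r'input\(type="im(udp|tcp)"', line)
        if m:
            listeners.add(m.group(1).upper())
        m = re.match(r"\$AllowedSender\s+(UDP|TCP)\s*,(.+)", line, re.I)
        if m:
            # Assumption: entries are IP addresses or CIDR ranges only.
            nets = [ipaddress.ip_network(n.strip(), strict=False)
                    for n in m.group(2).split(",") if n.strip()]
            acl.setdefault(m.group(1).upper(), []).extend(nets)
    return listeners, acl

def unrestricted_listeners(conf):
    """Protocols that have a listener but no $AllowedSender list."""
    listeners, acl = parse(conf)
    return sorted(listeners - set(acl))

def sender_allowed(conf, proto, src_ip):
    """Simplified model: a protocol without a list accepts any sender."""
    listeners, acl = parse(conf)
    proto = proto.upper()
    if proto not in listeners:
        return False
    if proto not in acl:
        return True
    return any(ipaddress.ip_address(src_ip) in net for net in acl[proto])

if __name__ == "__main__":
    print("no sender list for:", unrestricted_listeners(SAMPLE_CONF))
    for proto, ip in [("tcp", "192.168.56.20"), ("tcp", "10.1.1.5"),
                      ("udp", "10.1.1.5")]:
        print(proto, ip, sender_allowed(SAMPLE_CONF, proto, ip))
```

Adding a matching `$AllowedSender UDP, ...` line, or removing the listener that is not needed, closes the gap the check reports.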
Rsyslog Client Setup
Append the following to /etc/rsyslog.conf. Replace 192.168.56.10 with the log server IP address.
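# Keep the sender's fully qualified domain name in forwarded messages
$PreserveFQDN on
# Queue settings apply to the next action, so they must come before it
$ActionQueueFileName queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
# Forward all messages to the log server (a single @ means UDP)
*.* @192.168.56.10:514
Restart the rsyslog service.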
systemctl restart rsyslog