Rsyslog



Project for school. This needs cleaned up…

Using Fedora 15

Open Terminal

yum install nano

Disable SELinux

nano /etc/selinux/config

Change the SELINUX line to:

SELINUX=disabled

Reboot.

Open Terminal

nano /etc/rsyslog.conf

Uncomment:
$ModLoad imudp.so
$UDPServerRun 514

$ModLoad imtcp.so
$InputTCPServerRun 514

These lines load the needed modules (UDP and TCP input) and set up a listening socket for each on port 514.

Add the following to listen on all addresses (allowing any host), log the matching messages to the stated log file, then discard them so they are not ALSO logged to /var/log/messages.

$UDPServerAddress 0.0.0.0
:fromhost-ip,startswith,"192.168.1." /var/log/juniper.log
& ~

Restart the service

service rsyslog restart

Verify that the socket is listening.

netstat -tunlp | grep syslog

To test from the client or the server:

echo "yo-Adrian" | nc -u (yourServersIP) 514
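
An added example (not part of the original write-up) of a fuller test than the one-liner above: it sends a well-formed RFC 3164 message carrying a unique marker, and on the server checks that the marker reached /var/log/juniper.log and was not also written to /var/log/messages. The SYSLOG_SERVER variable, the logtest tag and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example: marked test message plus a routing check for the filter above.
# SYSLOG_SERVER, the "logtest" tag and the function names are assumptions.

# PRI value from RFC 3164: facility * 8 + severity (local0=16, info=6 -> 134).
syslog_pri() {
    echo $(( $1 * 8 + $2 ))
}

# Build "<PRI>timestamp host tag: text" the way a BSD syslog client would.
build_msg() {  # args: facility severity tag text
    printf '<%s>%s %s %s: %s' "$(syslog_pri "$1" "$2")" \
        "$(LC_ALL=C date '+%b %e %H:%M:%S')" "$(uname -n)" "$3" "$4"
}

# Succeeds only if the marker is in the dedicated log and NOT in the catch-all
# log, i.e. both the fromhost-ip filter and the discard action took effect.
routed_only_to() {  # args: marker dedicated_log catchall_log
    grep -qF -- "$1" "$2" 2>/dev/null || { echo "missing from $2"; return 1; }
    if grep -qF -- "$1" "$3" 2>/dev/null; then
        echo "also logged to $3"
        return 2
    fi
    echo "ok"
}

# Send step: run on a client whose address starts with 192.168.1. so the
# server-side filter matches. Skipped unless SYSLOG_SERVER is set.
if [ -n "${SYSLOG_SERVER:-}" ]; then
    marker="rsyslog-test-$$-$(date +%s)"
    build_msg 16 6 logtest "$marker" | nc -u -w1 "$SYSLOG_SERVER" 514
    echo "sent marker: $marker"
    echo "on the server: routed_only_to '$marker' /var/log/juniper.log /var/log/messages"
fi
```

Run it on the client as SYSLOG_SERVER=(yourServersIP) bash script.sh, then source the same file on the server and call routed_only_to with the printed marker.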

To forward logs, on the client edit:

nano /etc/syslog.conf

*.* @(SERVERIP)

killall -HUP syslogd

Allow outbound UDP packets to the syslog server:

iptables -A OUTPUT -p udp -o eth0 -s 10.0.0.53 -d 10.0.0.210 --dport 514 -j ACCEPT