How to configure a centralized syslog server on CentOs

Analyzing the syslogs generated by Linux/Unix systems and other network devices is one of the core activities of a security admin. To do this efficiently, admins usually centralize syslog collection. This document describes the steps to configure a CentOS system as a centralized rsyslog collection server.

  • Rsyslog is installed on CentOS 8 by default. To check this, enter the following command in your terminal:
                    $ systemctl status rsyslog

  • If the status of rsyslog is not shown as Active: active (running), enter the following command in your terminal to install it:
                    $ sudo yum install rsyslog

  • To receive syslogs from other devices over UDP and TCP, uncomment the appropriate lines in /etc/rsyslog.conf to enable the corresponding inputs:
    • To use UDP, uncomment the following lines:
                    module(load="imudp")  #needs to be done just once
                    input(type="imudp" port="514")

    • To use TCP, uncomment the following lines:
                    module(load="imtcp")  #needs to be done just once
                    input(type="imtcp" port="514")

      Note:

      Port 514 is the default syslog port for both UDP and TCP. You can change this port number at any time, but the firewall rule below and the client configuration must use the same port.

  • Save the configuration and exit.
  • Ensure that client machines can reach the configured rsyslog CentOS server. To allow the traffic, open port 514 on your firewall using the following command (this opens TCP; repeat the command with --add-port=514/udp if you enabled the UDP input):
                    $ sudo firewall-cmd  --add-port=514/tcp  --zone=public  --permanent

  • Reload the firewall to apply the change using the command below:
                    $ sudo firewall-cmd  --reload

  • Now restart the rsyslog service and enter the following command to check that rsyslog is listening on port 514 (netstat is provided by the net-tools package, which is not installed by default on CentOS 8; ss -pnltu prints the same information):
                    $ sudo netstat  -pnltu

  • You will find the TCP socket on port 514 in the LISTEN state; the UDP socket is connectionless and is listed on port 514 without a LISTEN state.

You have successfully configured a centralized syslog collection server running on CentOS. To view the collected logs in real time, run the following command on your rsyslog server:

                    $ tail  -f /var/log/messages
        
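As an added example (not part of the original article and not EventLog Analyzer code), the steps above as reusable shell functions: uncommenting the imudp/imtcp lines, opening the firewall for both transports (the article's command opens TCP only), and checking the listener from ss output. The CentOS 8 layout of /etc/rsyslog.conf and the ss -pnltu column order are assumptions.

```shell
#!/bin/sh
# Added example: rsyslog collection-server setup as functions.
# Assumes GNU sed (CentOS), firewalld, and the `ss` column layout
# "Netid State Recv-Q Send-Q Local:Port Peer:Port Process".

# Uncomment the module and input lines for one transport.
# $1 = config file (e.g. /etc/rsyslog.conf), $2 = udp|tcp, $3 = port.
enable_rsyslog_input() {
  conf=$1
  proto=$2
  port=$3
  sed -i -E \
    -e "s/^#[[:space:]]*(module\(load=\"im${proto}\"\))/\1/" \
    -e "s/^#[[:space:]]*input\(type=\"im${proto}\" port=\"[0-9]+\"\)/input(type=\"im${proto}\" port=\"${port}\")/" \
    "$conf"
}

# Returns 0 when $1 has an active (uncommented) input for $2 on port $3.
rsyslog_input_enabled() {
  grep -Eq "^input\(type=\"im$2\" port=\"$3\"\)" "$1"
}

# Open the syslog port for TCP and UDP in firewalld and reload.
# The article opens 514/tcp only, which leaves UDP collection blocked.
open_syslog_port() {
  port=$1
  for proto in tcp udp; do
    sudo firewall-cmd --permanent --zone=public --add-port="${port}/${proto}"
  done
  sudo firewall-cmd --reload
}

# Read `ss -pnltu` output on stdin; return 0 if $1 (tcp|udp) is bound
# on port $2. TCP rows show LISTEN, UDP rows show UNCONN; both count.
port_bound() {
  awk -v pr="$1" -v p=":$2" \
    '$1 == pr && $5 ~ (p "$") { found = 1 } END { exit !found }'
}

# Apply to a real server (run as root); commented so the file can be sourced:
# enable_rsyslog_input /etc/rsyslog.conf udp 514
# enable_rsyslog_input /etc/rsyslog.conf tcp 514
# open_syslog_port 514
# sudo systemctl restart rsyslog
# ss -pnltu | port_bound tcp 514 && echo "rsyslog listening on tcp/514"
```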

How to monitor rsyslog files?

It is essential to monitor syslog files, as they provide valuable insight into network activity. They record the details of each event: the IP addresses involved, the timestamp, the action carried out, and critical changes made to any system. Monitoring rsyslog files manually is tedious and ineffective for analyzing the syslogs; a log management solution can provide in-depth analysis of your logs.

EventLog Analyzer, a log management solution, can collect, parse, index and analyze large volumes of rsyslog data and generate intuitive reports. Malicious activity is flagged as a threat, and a real-time alert can be raised via SMS or email to notify IT security admins of an attack in progress.

EventLog Analyzer can work seamlessly with your CentOS syslog server to provide real-time monitoring and comprehensive analysis.
