Configuring an Rsyslog Server

Owned by Rumena Zlatkova (Deactivated)
Last updated: Dec 12, 2023 by Bala Harish A(AC)
1 min read

Configure a rsyslog server running the RHEL or CentOS operating system to accept incoming syslog messages from Swarm.

See the rsyslog man page or the rsyslog documentation.

To configure the syslog server:

  1. Log in as a user with root privileges.

  2. Execute the following command:

    vim /etc/rsyslog.conf

  3. In the rsyslog.conf file, comment out the following lines to accept inbound UDP connections on port 514:

    $ModLoad imudp.so $UDPServerRun 514

  4. Edit the file so the timestamp and IP address of incoming syslog messages appear.

  5. Locate the following text:

    #### GLOBAL DIRECTIVES #### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

  6. Change this text to the following:

  7. Create a log file for each Swarm product by configuring a log file per logging facility:

Optional

This step is optional.

  1. Create a log file based on any desired string in the log message using the :msg parameter.
    For example, to create a log file that only includes messages with the word "Trims", use this format:

    The result matches the following messages:

Optional

This step is optional.

  1. Check iptables and Security-Enhanced Linux (SELinux) to verify inbound port 514 is not blocked.

  2. Restart the rsyslog process: 

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.