Central Syslog Server Configurations

Create the log folders where the logs will be saved

# Creating the logs folder and setting correct permissions
mkdir /var/log/network-logs
chown syslog:adm /var/log/network-logs

# Creating the log archive folder and setting correct permissions
mkdir /var/log/network-logs/logs-archive
chown syslog:adm /var/log/network-logs/logs-archive

# Creating the custom rsyslog config file
touch /etc/rsyslog.d/network-logs.conf

Create a custom rsyslog config file that tells rsyslog where to save the logs

/etc/rsyslog.d/network-logs.conf

## /etc/rsyslog.d/network-logs.conf
#################
#### MODULES ####
#################

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="5140")

# Custom template to generate the log filename dynamically, based on the client's hostname or IP address.
$template RemoteInputLogs, "/var/log/network-logs/%FROMHOST%.log"
*.* ?RemoteInputLogs
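
In the file above, the `*.* ?RemoteInputLogs` rule applies to every message rsyslog handles, including the server's own, and remote messages also pass through the server's other rules. The variant below is an added example, not part of the original page: it binds the two listeners to a dedicated ruleset so that only network messages are written to the per-sender files. The ruleset name `remote` and the `fileCreateMode` value are assumptions of this example.

```conf
## /etc/rsyslog.d/network-logs.conf (alternative layout, added example)

# Load the UDP and TCP reception modules
module(load="imudp")
module(load="imtcp")

# Same per-sender path as the template above. %FROMHOST% is filled in by the
# receiving rsyslog from the sender's address (reverse DNS name, or the IP
# address when the lookup fails); it is not taken from the message text.
template(name="RemoteInputLogs" type="string"
         string="/var/log/network-logs/%FROMHOST%.log")

# "remote" is a name chosen for this example.
ruleset(name="remote") {
    # fileCreateMode is an assumption: new log files are not world-readable.
    action(type="omfile" dynaFile="RemoteInputLogs" fileCreateMode="0640")
}

# Messages from these listeners are processed by the "remote" ruleset only,
# so they do not reach the rules that write the server's local log files.
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="5140" ruleset="remote")
```

Use this in place of the file above, not alongside it, since both would open the same ports. `rsyslogd -N1` checks the configuration syntax before the service is restarted.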

Add log rotation so the logs are rotated once a defined criterion is met

/etc/logrotate.d/network-logs

/var/log/network-logs/*.log
{
        size 100M
        copytruncate
        create
        compress
        olddir /var/log/network-logs/logs-archive
        rotate 4
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}
