
How to Install and Configure an rsyslog Server on Ubuntu 22.04


If you’re managing a bunch of servers, keeping track of all those logs can get messy fast. That’s where an rsyslog server comes in handy! Rsyslog is like your personal log collector, helping you gather, process, and filter logs from various systems in one spot. In this guide, we’ll walk you through the steps to install and configure an rsyslog server on Ubuntu 22.04. Whether you’re looking to keep an eye on your network, troubleshoot issues, or just get a handle on all that log data, setting up rsyslog is a great place to start. Let’s dive in!

 

To begin, ensure that you have a VPSie account set up. If not, create one first. Then, deploy two Ubuntu 22.04 servers, tailored to your specific requirements. One server will be designated as the syslog server, and the other will be used as the client.

 

Setting Up the rsyslog Server

Ensure that your server is up to date:

sudo apt update
sudo apt upgrade -y

 

 

Install the rsyslog package from the default repositories:

sudo apt install rsyslog -y

 

 

 

Edit the rsyslog configuration file to enable the server to accept logs from remote clients. Open the configuration file:

sudo nano /etc/rsyslog.conf

 

 

Find and uncomment the following lines to enable UDP and TCP listeners:

module(load="imudp") # UDP listener
input(type="imudp" port="514")
module(load="imtcp") # TCP listener
input(type="imtcp" port="514")

 

 

If you would like to limit access to a specific subnet, IP address, or domain, add lines like the ones below. Replace IP-SUBNET with the appropriate subnet address for the incoming logs.

$AllowedSender TCP, 127.0.0.1, IP-SUBNET/24, *.example.com
$AllowedSender UDP, 127.0.0.1, IP-SUBNET/24, *.example.com

You can add the TCP line after the input(type="imtcp" port="514") line and the UDP line after the input(type="imudp" port="514") line. Remember to substitute the given values with the correct ones.

 

 

Let’s create a template that tells the rsyslog server how to store incoming syslog messages. Add the template just before the GLOBAL DIRECTIVES section:

$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
& ~

The & ~ line tells the rsyslog daemon to stop processing a message once it has been written to the file named by the template, so the message is stored only there. Current rsyslog versions report ~ as deprecated and accept & stop as the equivalent. Other variables that can be used in a template include:

%syslogseverity%, %syslogfacility%, %timegenerated%, %HOSTNAME%, %syslogtag%, %msg%, %FROMHOST-IP%, %PRI%, %MSGID%, %APP-NAME%, %TIMESTAMP%, %$year%, %$month%, %$day%

 

 

Restart rsyslog service for the changes to take effect:

sudo systemctl restart rsyslog

 

 

Ensure rsyslog starts automatically on system boot:

sudo systemctl enable rsyslog

 

Confirm that the service is listening on the configured ports:

ss -tunelp | grep 514
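
As an added check that is not part of the original guide, the following POSIX shell function reads an rsyslog configuration and reports, for the UDP and TCP listeners enabled above, whether an uncommented $AllowedSender line restricts them. The function names, the sample configuration and its 192.0.2.0/24 subnet are constructed for illustration; the check inspects only the file it is given and does not follow included configuration files.

```sh
#!/bin/sh
# Added example (not from the original guide): report which syslog listeners
# in an rsyslog config are enabled and whether $AllowedSender restricts them.

# audit_listeners FILE
# Prints one status line per protocol; returns 1 if any enabled listener
# has no uncommented $AllowedSender line for its protocol.
audit_listeners() {
    conf=$1
    rc=0
    for proto in UDP TCP; do
        case $proto in
            UDP) module=imudp ;;
            TCP) module=imtcp ;;
        esac
        # Enabled means an uncommented input(type="imudp"|"imtcp" ...) line exists.
        if ! grep -Eq '^[[:space:]]*input\(.*type="'"$module"'"' "$conf"; then
            echo "$proto: listener disabled"
            continue
        fi
        # Legacy directives need the leading "$"; commented lines do not count.
        if grep -Eiq '^[[:space:]]*\$AllowedSender[[:space:]]+'"$proto"'[[:space:]]*,' "$conf"; then
            echo "$proto: restricted by \$AllowedSender"
        else
            echo "$proto: OPEN to any sender"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: UDP is restricted, TCP is enabled without a sender list.
write_sample_conf() {
    cat > "$1" <<'EOF'
module(load="imudp") # UDP listener
input(type="imudp" port="514")
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24
module(load="imtcp") # TCP listener
input(type="imtcp" port="514")
#$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24
EOF
}

# Demo run; pass a real path (e.g. /etc/rsyslog.conf) as $1 to audit it instead.
demo_conf=${1:-$(mktemp)}
[ -n "${1:-}" ] || write_sample_conf "$demo_conf"
audit_listeners "$demo_conf" || echo "result: at least one listener is unrestricted"
[ -n "${1:-}" ] || rm -f "$demo_conf"
```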

Configuring the rsyslog Client

Update the client server to ensure it has the latest packages:

sudo apt update
sudo apt upgrade -y

 

 

Install rsyslog on the client server:

sudo apt install rsyslog -y

 

 

Edit the rsyslog configuration file on the client to specify the log server’s IP address:

 

Open the configuration file:

sudo nano /etc/rsyslog.conf

 

 

Add the remote rsyslog server at the end of the file. A single @ forwards over UDP:

*.*   @SERVER_IP:514

 

For TCP (more reliable but requires additional configuration), use:

*.*   @@SERVER_IP:514

 

 

Restart the rsyslog service to apply the configuration changes:

sudo systemctl restart rsyslog

 

 

Ensure rsyslog starts on boot:

sudo systemctl enable rsyslog

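Check the log files on the server, which the template above writes under /var/log/ in a directory named after the client’s hostname, to ensure the test log entry is recorded.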

 

You have successfully installed and configured rsyslog on Ubuntu 22.04. Your server is now set up to receive and store logs from the client, centralizing your log management. You can further customize the configuration based on your specific requirements.
