syslog server

Set up a central syslog server on Raspberry Pi 2 (and other Debian-based distros)

A central log server running rsyslog is a real asset in a sysadmin's life. It can keep you afloat during really critical failures, when you manage xyz number of servers and some of them go down. In my case a Raspberry Pi 2 with Raspbian (Debian wheezy for ARM processors) does the job very well, without the noise and power consumption of a server. You can follow the same steps on any other Debian-based distro. Log in to your Raspberry Pi via SSH and follow the steps below.

Step 1: Install rsyslog


Step 2: Configure rsyslog server


Uncomment these lines; we are going to use TCP instead of UDP:

and add the following template (before “GLOBAL DIRECTIVES”):

This template should create a subfolder named after the remote machine’s full hostname (FQDN) and, inside it, a log file named after the program name. As you may have noticed, I’ve mounted one of my HDDs via USB on the Raspberry Pi, as I don’t want to write all those logs to my tiny SD memory card.

Finally, restart the rsyslog daemon:

Step 3: Configure syslog clients


Just one entry on every client should do the trick:

Add this entry before the “global directives” section:

Note: if you choose TCP, prefix the log server's domain name with @@; if you choose UDP instead, use a single @ before the hostname.

Then restart the rsyslog daemon on your client:

Now you can go back to your log files folder and check the files being created. You can install the tree command-line utility (sudo apt-get install tree) to see the resulting directory structure.
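A configuration matching Steps 2 and 3, as an added example rather than the original post's own listings. The log path /mnt/usbhdd/logs, the host logserver.example.com, the subnet 192.0.2.0/24, the template name RemoteLogs, and the $AllowedSender and secpath-replace hardening are assumptions introduced here.

```conf
# ---- Server: /etc/rsyslog.conf (legacy directive syntax, as on Debian wheezy) ----
# Install first if missing:  sudo apt-get install rsyslog

# Step 2: uncomment the TCP listener (the imudp lines stay commented out).
$ModLoad imtcp
# Assumption: clients live in 192.0.2.0/24; adjust to your own network.
# Plain syslog over TCP is neither authenticated nor encrypted, so limit
# who may deliver messages (and restrict 514/tcp at the firewall as well).
$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24
$InputTCPServerRun 514

# Template, placed before "GLOBAL DIRECTIVES".
# /mnt/usbhdd/logs is a placeholder for the USB HDD mount point.
# HOSTNAME and PROGRAMNAME are read from the received message, so the sender
# chooses them; secpath-replace turns any "/" into "_" so that neither value
# can point outside the log folder.
$template RemoteLogs,"/mnt/usbhdd/logs/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"
*.* ?RemoteLogs
# Discard after writing: nothing (including the server's own messages)
# continues to the default /var/log rules further down.
& ~

# Apply:  sudo service rsyslog restart

# ---- Client: /etc/rsyslog.conf, before "GLOBAL DIRECTIVES" ----
# logserver.example.com is a placeholder. "@@" = TCP, a single "@" = UDP.
*.* @@logserver.example.com:514

# Apply:  sudo service rsyslog restart
# Check from the client:  logger -t synctest "hello from $(hostname -f)"
# then on the server:     tree /mnt/usbhdd/logs
```

Whether the folder name is the full FQDN depends on what the client puts in the message's hostname field.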

 

 

 

 
