syslog server

Set up a central syslog server on Raspberry Pi 2 (and other Debian-based distros)

A central log server running rsyslog is an asset in your sysadmin life! It can keep you afloat during really critical failures when you manage xyz number of servers and some of them go down. In my case, a Raspberry Pi 2 with Raspbian (Debian wheezy for ARM processors) does the job very well, without all the noise and power consumption of a server. You can follow the same steps on any other Debian-based distro. Log in via SSH to your Raspberry Pi and follow the steps below.

Step 1: Install rsyslog

Step 2: Configure rsyslog server

Uncomment these lines; we are going to use TCP instead of UDP:

and add the following template (before “GLOBAL DIRECTIVES”):

This template should create a subfolder named after the remote machine’s full hostname (FQDN) and, inside it, a log file named after the program. As you may have noticed, I’ve mounted one of my HDDs via USB on the Raspberry Pi, as I don’t want to write all those logs to my tiny SD memory card.

Finally, restart the rsyslog daemon:

Step 3: Configure syslog clients

Just one entry on every client should do the trick:

Add this entry before the “global directives” section:

Note: if you choose TCP, prefix the log server's hostname with @@; if you choose UDP instead, use a single @ before the hostname.
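The server and client settings that Steps 2 and 3 describe, as an added example in rsyslog's legacy syntax (not the original post's configuration). The mount point /mnt/usbhdd/syslog, the template name RemoteLogs, the choice of %HOSTNAME% and the host logserver.example.com are assumptions; the secpath-replace option is an addition that keeps client-supplied names from introducing path separators.

```conf
# ---------------------------------------------------------------
# Server: /etc/rsyslog.conf (legacy directive syntax)
# ---------------------------------------------------------------

# Step 2: enable TCP reception. These two lines ship commented out
# in the stock Debian file; remove the leading "#".
$ModLoad imtcp
$InputTCPServerRun 514

# Weak form (left commented): hostname and program name are taken
# from the received message and placed in the path unchanged.
#$template RemoteLogs,"/mnt/usbhdd/syslog/%HOSTNAME%/%PROGRAMNAME%.log"

# Hardened form: the secpath-replace property option replaces any
# "/" in the field with "_" before the file name is built.
# /mnt/usbhdd/syslog is a placeholder for the mounted USB disk.
$template RemoteLogs,"/mnt/usbhdd/syslog/%HOSTNAME:::secpath-replace%/%PROGRAMNAME:::secpath-replace%.log"

# Send every facility and priority through the template.
# The leading "?" marks a dynamic file name (dynafile).
*.* ?RemoteLogs

# ---------------------------------------------------------------
# Client: /etc/rsyslog.conf
# ---------------------------------------------------------------

# Step 3: forward everything to the log server.
#   @@host:port -> TCP
#   @host:port  -> UDP
# logserver.example.com is a placeholder hostname.
*.* @@logserver.example.com:514
```

Plain TCP syslog is neither authenticated nor encrypted, so limit port 514 on the server to the known client addresses at the firewall.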

and restart the rsyslog daemon on your client:

Now you can go back to your log files folder and check the files being created. You can install the tree command-line utility (sudo apt-get install tree) to see the structure as it is below: