Configuration Procedure
Edit the /etc/rsyslog.conf file and uncomment the following lines to allow TCP syslog receipt:
#$ModLoad imtcp #$InputTCPServerRun 514
Check the file syntax:
# rsyslogd -N 1
Restart the rsyslog service:
# systemctl restart rsyslog
Add a new rule to the firewall configuration:
# firewall-cmd --permanent --add-port=514/tcp success
Alternatively, create the /etc/firewalld/services/rsyslog.xml (templates are available in the /usr/lib/firewalld/services directory) and paste the following lines:
<?xml version="1.0" encoding="utf-8"?> <service> <short>Rsyslog</short> <description>Rsyslog</description> <port protocol="tcp" port="514"/> </service>
Add a new service to the firewall:
# firewall-cmd --permanent --add-service=rsyslog success
In any case, reload the firewall configuration:
# firewall-cmd --reload success
Additional Resources
The Tecmint website provides a tutorial on How to Create a Centralized Log Server with Rsyslog in CentOS/RHEL 7.
Leave a Reply
You must be logged in to post a comment.