Monday, December 12, 2011

rsyslog: Enabling remote logging service in Ubuntu

Newer versions of Ubuntu (since 9.10 according to rsyslog wiki: http://wiki.rsyslog.com/index.php/Ubuntu) comes with rsyslog instead of sysklogd.  Was trying to enable it via the sysklogd way by adding the "-r" option in the startup script.  That obviously didn't work :)

What you'll need to do is just uncomment 2 lines in the /etc/rsyslog.conf file:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
That's if you want to provide UDP syslog service.  Uncomment the following 2 lines if you want to provide TCP syslog service:
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Once you've made the changes, either reload or restart the rsyslogd service:
myhost:/etc# /etc/init.d/rsyslog reload
Reloading enhanced syslogd: rsyslogd.
I've chose to enable UDP for my server.  We'll use netstat to check if rsyslogd is listening to the specified port:
myhost:/etc# netstat -tlnup | grep 514
udp        0      0 0.0.0.0:514             0.0.0.0:*                           13282/rsyslogd
udp6       0      0 :::514                  :::*                                13282/rsyslogd
rsyslogd is indeed listening to the proper port and protocol. 

Next stop, actual logging and probably more configuration :)

6 comments:

roberto said...

how i have to configure the /etc/rsyslog.conf file in the client-side? i have to insert the server address?

Mike said...

Hi roberto,

Please look at my other post here:

http://techtots.blogspot.com/2011/12/rsyslogd-logging-to-remote-server.html

HTH

DP3 said...

Thanks for this. It got me out of a quick bind.

Unknown said...

Hi, I followed your instructions with rsyslog V5.8.6 Ubuntu 12.04.

I configured udp and successfully ran the netstat cmd with the same out as you. I generated a syslog msg from a remote device and it is not being received.

syslog did show the following error message after the restart:rsyslogd-2039: Could not open output pipe '/dev/xconsole' [try http://www.rsyslog.com/e/2039 ]
I did check that out but didn't get very far.
Any ideas?

Unknown said...

Damn.... it started working???
Not sure why. Seems the error messages were just a red herring.

Thanks for your instructions!!!
Bob

Unknown said...

Damn, seems like the error message was a red herring.

Thanks for your instructions!!