Comments on How to setup rsyslog for Centralized Log Management
This tutorial explains how to set up rsyslog as a centralized log management server on Red Hat Linux-based operating systems such as CentOS. Centralized log management means collecting logs of all kinds from several physical or virtualized servers on one log server, so that the health and security of the services running on those servers can be monitored from a single place. We use rsyslog in this tutorial because it offers high performance, strong security and a modular design.
Comments
You might want to switch to using the RELP protocol with TLS certificates so you won't be sending your logs in cleartext over UDP connections:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html
http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html
Disabling SELinux isn't necessary for this either, as all you might have to do is add the port being used to the syslog_tls_port_t type.
Are you going to start using SELinux and firewall rules at all?
I agree, you should be moving away from 514/UDP to syslog-tls (6514/tcp), or at least syslog-conn (601/tcp), and be configuring reliable delivery of the syslog data.
Also, why are you not using the rsyslog package provided with the Oracle/CentOS/Red Hat base distribution, other than that it may be slightly out of date?
The rsyslog package should already have the proper rules for all the possible valid ports configured for SELinux.
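The RELP-over-TLS transport and reliable (queued) delivery recommended in the two comments above, written out as an added rsyslog v8 configuration example; it is not from the tutorial or the commenters. The hostnames, certificate paths and port 2514 are assumptions, and under SELinux the chosen port must first be added to the syslog_tls_port_t type as the first commenter describes.

```conf
# ===== Central log server (e.g. /etc/rsyslog.d/10-relp-tls.conf) =====
# Weak setting the tutorial relies on: cleartext syslog over UDP/514.
# module(load="imudp")
# input(type="imudp" port="514")

# Hardened replacement: RELP over TLS with mutual certificate authentication.
# Assumed port 2514; label it first: semanage port -a -t syslog_tls_port_t -p tcp 2514
# tls.authMode="name" makes rsyslog check the peer certificate's name against
# tls.permittedPeer, so an unknown client cannot inject log records.
module(load="imrelp")
input(type="imrelp" port="2514"
      tls="on"
      tls.caCert="/etc/pki/rsyslog/ca.pem"
      tls.myCert="/etc/pki/rsyslog/logserver-cert.pem"
      tls.myPrivKey="/etc/pki/rsyslog/logserver-key.pem"
      tls.authMode="name"
      tls.permittedPeer=["*.example.internal"])

# ===== Each forwarding client (e.g. /etc/rsyslog.d/10-forward-relp.conf) =====
# The client verifies the server's certificate name as well, so logs cannot be
# redirected to an impostor collector. Assumed server name and cert paths.
# The disk-assisted queue keeps messages across outages and restarts
# (queue.filename is relative to the global workDirectory, /var/lib/rsyslog on EL),
# and resumeRetryCount="-1" retries forever instead of dropping the batch.
module(load="omrelp")
action(type="omrelp" target="logserver.example.internal" port="2514"
       tls="on"
       tls.caCert="/etc/pki/rsyslog/ca.pem"
       tls.myCert="/etc/pki/rsyslog/client-cert.pem"
       tls.myPrivKey="/etc/pki/rsyslog/client-key.pem"
       tls.authMode="name"
       tls.permittedPeer=["logserver.example.internal"]
       queue.type="LinkedList"
       queue.filename="relp_fwd"
       queue.saveOnShutdown="on"
       queue.maxDiskSpace="1g"
       action.resumeRetryCount="-1")
```

With both sides in place, a packet capture on the collector port shows only TLS records, and a client presenting a certificate whose name does not match tls.permittedPeer is rejected at the handshake rather than accepted as a log source.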
Great suggestions, guys!
For this exercise I used EL 6.4, so the bundled rsyslog package is two versions behind the one I used above.
I've always had a problem with people who disable SELinux. A security package is there for a reason. Instead of disabling it, we should be learning how to make things work with it enforcing. By the way, if you take a Red Hat Certification Exam, SELinux must be enabled in order to pass the test.
Hey guys, have you tried the NXLog log management system? It has a Community Edition which is free, open source and highly scalable; it might be worth giving it a try if you need a multi-platform log management solution. (link: https://nxlog.co/products/nxlog-community-edition)