Comments on How to Setup Rsyslog Server on Ubuntu 18.04 LTS
In this tutorial, we will explain how to configure an Rsyslog server on Ubuntu 18.04. Rsyslog is a powerful and secure system for log processing. The Rsyslog server receives logs over the network from several physical or virtualized servers and monitors the health of different services.
10 Comment(s)
Comments
Do you have to do anything with the firewall? To open ports? I've seen in other related articles it is recommended to run these commands:
ufw allow 514/tcp
ufw allow 514/udp
I am on Ubuntu 18.04.3 LTS and my /etc/rsyslog.conf looks different.
My "rsyslogd -v" looks the same as above (i.e. "rsyslogd 8.32.0", etc.)
E.g. for loading the modules and port numbers:
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
This site answers all that -
https://www.rsyslog.com/doc/v8-stable/configuration/index.html - for rsyslog docs
- the SenderAllowed is legacy and a firewall is the recommended option.
Ian is right, one has to uncomment the "new" lines: module(... and input(...
Furthermore, the upper template example didn't work as long as I used the line "& ~". Then the config check said something with "STOP"...
Same here:
Mar 04 14:42:00 ubuntu_server rsyslogd[2496]: error during config processing: STOP is followed by unreachable statements! [v8.32.0 try http://www.rsyslog.com/e/2207 ]
The problem must be the "& ~" line.
Does anyone have some clue?
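Added example, not part of the original comments or the tutorial: the error quoted above says an unconditional discard ("& ~", which rsyslog v8 treats as stop) is followed by further rules. One way to avoid it is to bind the network inputs to their own ruleset, so no discard is needed. The legacy lines shown in the comments, the template name and the file path are assumptions, since the tutorial's configuration is not reproduced on this page.

```conf
# /etc/rsyslog.conf (fragment) - added example, not the tutorial's own configuration.
# Template name and log path are assumptions.

# Legacy form (assumed) that produces "STOP is followed by unreachable
# statements" when other rules, such as the distribution defaults, come after it:
#   $template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
#   *.* ?remote-incoming-logs
#   & ~

# Listeners, as in the "new" style lines quoted in the comments.
module(load="imudp")
module(load="imtcp")

# Dynamic file name: one directory per sending host, one file per program.
template(name="RemoteLogs" type="string"
         string="/var/log/%HOSTNAME%/%PROGRAMNAME%.log")

# Messages received on the network inputs are handled only by this ruleset.
# They never reach the default rules, so nothing has to be discarded with
# "& ~" or stop, and local logging keeps working unchanged.
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteLogs")
}

# Bind both inputs to the ruleset instead of the default one.
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
```

Run "rsyslogd -N1" to check the configuration before restarting the service.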
Thanks for the tutorial, it was very helpful. There is one typo: "systemtcl restart rsyslog" should be "systemctl restart rsyslog".
Quick question: is the communication between server-client encrypted?
Sir, how can I reset the log file on my device (Cisco router and switch)? It's been running for a year, so I want to reset it to fetch new logs. Thanks....
You've got a minor Type-Oh! in
systemtcl restart rsyslog

Hello Mr. Jethva,
Thank you for your article. It was very helpful. However, I ran into a problem after following your direction. After I copied the $template directive into the rsyslog.conf file, it is doing what it is supposed to do, because I can see the new folder created by the hostname. However, when I try to cd to the folder, I keep getting this: "-bash: cd: foldername: Permission denied".
What do I need to do to be able to cd to the folder and see the log files in the folder?
Thank you
Kit
systemtcl restart rsyslog, pls change to systemctl