Servidor RSYSLOG

Montar un servidor de logs con rsyslog

Editamos el fichero /etc/rsyslog.conf en el servidor y descomentamos estas líneas, o solo la del protocolo que queramos usar, TCP o UDP.

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Ahora añadimos esta linea, definiendo la ruta donde queremos ver los logs de los clientes.

## Client logs files
$template RemoteLogs,"/root/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs

Guardamos los cambios y reiniciamos el servicio rsyslog

systemctl restart rsyslog

Comprobamos si se ha reiniciado correctamente

systemctl status rsyslog

● rsyslog.service - System Logging Service
     Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-05-26 13:14:37 CEST; 10s ago
TriggeredBy: ● syslog.socket
       Docs: man:rsyslogd(8)
             man:rsyslog.conf(5)
             https://www.rsyslog.com/doc/
   Main PID: 65551 (rsyslogd)
      Tasks: 10 (limit: 2204)
     Memory: 1.1M
        CPU: 27ms
     CGroup: /system.slice/rsyslog.service
             └─65551 /usr/sbin/rsyslogd -n -iNONE

May 26 13:14:37 RasPi systemd[1]: Starting System Logging Service...
May 26 13:14:37 RasPi rsyslogd[65551]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [
v8.2102.0]
May 26 13:14:37 RasPi rsyslogd[65551]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="65551" x-info="https://www.r
syslog.com"] start
May 26 13:14:37 RasPi systemd[1]: Started System Logging Service.

Ahora configuramos los clientes, añadimos esta linea poniendo la IP del servidor donde tenemos el rsyslog y reiniciamos el servicio.

*.*  @IP_SERVER_RSYSLOG:514

Ahora podremos ver en la ruta definida como los clientes empiezan a mandar los logs, ordenados por cliente y servicios

root@RasPi:~/rsyslog# ll
total 12
drwx------ 2 root root 4096 May 26 12:36 nanoPiDNS
drwx------ 2 root root 4096 May 25 14:17 RT-AX88U_Pro
drwx------ 2 root root 4096 May 26 01:06 antminer_l3+
root@RasPi:~/rsyslog# ls -l RT-AX88U_Pro/
total 460
-rw-r--r-- 1 root root    74 May 25 14:16  BONDING.log
-rw-r--r-- 1 root root   228 May 25 14:16  BWDPI.log
-rw-r--r-- 1 root root   237 May 25 14:16  FTP_Server.log
-rw-r--r-- 1 root root    92 May 25 14:16 "Let's_Encrypt.log"
-rw-r--r-- 1 root root   133 May 25 14:16  Mastiff.log
-rw-r--r-- 1 root root   158 May 25 14:16  RT-AX88U_Pro.log
-rw-r--r-- 1 root root   668 May 25 14:17  Samba_Server.log
-rw-r--r-- 1 root root   240 May 25 14:16  Timemachine.log
-rw-r--r-- 1 root root   182 May 25 14:16  WAN_Connection.log
-rw-r--r-- 1 root root   164 May 25 14:15  WEBDAV_Server.log
-rw-r--r-- 1 root root 11883 May 26 13:07  acsd.log
-rw-r--r-- 1 root root  5765 May 25 14:16  avahi-daemon.log
-rw-r--r-- 1 root root   180 May 25 14:17  awsiot.log
-rw-r--r-- 1 root root   361 May 25 14:16  cfg_server.log
-rw-r--r-- 1 root root   105 May 25 14:17  crond.log
-rw-r--r-- 1 root root   260 May 25 14:16  ddns.log
-rw-r--r-- 1 root root   282 May 25 14:16  disk_monitor.log
-rw-r--r-- 1 root root 91743 May 26 12:58  dnsmasq-dhcp.log
-rw-r--r-- 1 root root   161 May 25 14:16  dnsmasq-script.log
-rw-r--r-- 1 root root 12840 May 26 01:18  dnsmasq.log
-rw-r--r-- 1 root root   529 May 26 01:47  dropbear.log
-rw-r--r-- 1 root root    93 May 25 14:15  haveged.log
-rw-r--r-- 1 root root 85114 May 26 13:16  hostapd.log
-rw-r--r-- 1 root root   112 May 25 14:16  hotplug.log
-rw-r--r-- 1 root root    82 May 25 14:16  hour_monitor.log
-rw-r--r-- 1 root root   188 May 25 14:16  httpd.log
-rw-r--r-- 1 root root   225 May 25 14:16  iTunes.log
-rw-r--r-- 1 root root   353 May 25 14:16  inadyn.log
-rw-r--r-- 1 root root   122 May 25 14:16  init.log
-rw-r--r-- 1 root root  6295 May 25 17:41  kernel.log
-rw-r--r-- 1 root root    95 May 25 14:16  lldpcli.log
-rw-r--r-- 1 root root  1580 May 25 14:16  lldpd.log
-rw-r--r-- 1 root root   972 May 25 14:16  networkmap.log
-rw-r--r-- 1 root root   209 May 25 14:16  ntpd.log
-rw-r--r-- 1 root root 17049 May 26 02:32  ovpn-server1.log
-rw-r--r-- 1 root root  1866 May 25 14:16  pppd.log
-rw-r--r-- 1 root root  1863 May 26 01:18  rc_service.log
-rw-r--r-- 1 root root    75 May 25 14:16  roamast.log
-rw-r--r-- 1 root root  1002 May 26 01:18  stubby.log
-rw-r--r-- 1 root root   103 May 25 14:16  usb.log
-rw-r--r-- 1 root root    81 May 25 14:16  wan.log
-rw-r--r-- 1 root root 58834 May 26 12:35  wlceventd.log
-rw-r--r-- 1 root root   906 May 25 14:17  wsdd2.log
-rw-r--r-- 1 root root    87 May 25 14:17  zcip_client.log

PreviousReducir tamaño imagen .img de un backup de la SD NextDeshabilitar el ahorro de energia en WiFi

Last updated 1 year ago

systemctl status rsyslog ● rsyslog.service - System Logging Service Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2023-05-26 13:14:37 CEST; 10s ago TriggeredBy: ● syslog.socket Docs: man:rsyslogd(8) man:rsyslog.conf(5) https://www.rsyslog.com/doc/ Main PID: 65551 (rsyslogd) Tasks: 10 (limit: 2204) Memory: 1.1M CPU: 27ms CGroup: /system.slice/rsyslog.service └─65551 /usr/sbin/rsyslogd -n -iNONE May 26 13:14:37 RasPi systemd[1]: Starting System Logging Service... May 26 13:14:37 RasPi rsyslogd[65551]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [ v8.2102.0] May 26 13:14:37 RasPi rsyslogd[65551]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="65551" x-info="https://www.r syslog.com"] start May 26 13:14:37 RasPi systemd[1]: Started System Logging Service.

root@RasPi:~/rsyslog# ll total 12 drwx------ 2 root root 4096 May 26 12:36 nanoPiDNS drwx------ 2 root root 4096 May 25 14:17 RT-AX88U_Pro drwx------ 2 root root 4096 May 26 01:06 antminer_l3+ root@RasPi:~/rsyslog# ls -l RT-AX88U_Pro/ total 460 -rw-r--r-- 1 root root 74 May 25 14:16 BONDING.log -rw-r--r-- 1 root root 228 May 25 14:16 BWDPI.log -rw-r--r-- 1 root root 237 May 25 14:16 FTP_Server.log -rw-r--r-- 1 root root 92 May 25 14:16 "Let's_Encrypt.log" -rw-r--r-- 1 root root 133 May 25 14:16 Mastiff.log -rw-r--r-- 1 root root 158 May 25 14:16 RT-AX88U_Pro.log -rw-r--r-- 1 root root 668 May 25 14:17 Samba_Server.log -rw-r--r-- 1 root root 240 May 25 14:16 Timemachine.log -rw-r--r-- 1 root root 182 May 25 14:16 WAN_Connection.log -rw-r--r-- 1 root root 164 May 25 14:15 WEBDAV_Server.log -rw-r--r-- 1 root root 11883 May 26 13:07 acsd.log -rw-r--r-- 1 root root 5765 May 25 14:16 avahi-daemon.log -rw-r--r-- 1 root root 180 May 25 14:17 awsiot.log -rw-r--r-- 1 root root 361 May 25 14:16 cfg_server.log -rw-r--r-- 1 root root 105 May 25 14:17 crond.log -rw-r--r-- 1 root root 260 May 25 14:16 ddns.log -rw-r--r-- 1 root root 282 May 25 14:16 disk_monitor.log -rw-r--r-- 1 root root 91743 May 26 12:58 dnsmasq-dhcp.log -rw-r--r-- 1 root root 161 May 25 14:16 dnsmasq-script.log -rw-r--r-- 1 root root 12840 May 26 01:18 dnsmasq.log -rw-r--r-- 1 root root 529 May 26 01:47 dropbear.log -rw-r--r-- 1 root root 93 May 25 14:15 haveged.log -rw-r--r-- 1 root root 85114 May 26 13:16 hostapd.log -rw-r--r-- 1 root root 112 May 25 14:16 hotplug.log -rw-r--r-- 1 root root 82 May 25 14:16 hour_monitor.log -rw-r--r-- 1 root root 188 May 25 14:16 httpd.log -rw-r--r-- 1 root root 225 May 25 14:16 iTunes.log -rw-r--r-- 1 root root 353 May 25 14:16 inadyn.log -rw-r--r-- 1 root root 122 May 25 14:16 init.log -rw-r--r-- 1 root root 6295 May 25 17:41 kernel.log -rw-r--r-- 1 root root 95 May 25 14:16 lldpcli.log -rw-r--r-- 1 root root 1580 May 25 14:16 lldpd.log -rw-r--r-- 1 root root 972 May 25 14:16 networkmap.log -rw-r--r-- 1 root root 209 May 25 14:16 ntpd.log -rw-r--r-- 1 root root 17049 May 26 02:32 ovpn-server1.log -rw-r--r-- 1 root root 1866 May 25 14:16 pppd.log -rw-r--r-- 1 root root 1863 May 26 01:18 rc_service.log -rw-r--r-- 1 root root 75 May 25 14:16 roamast.log -rw-r--r-- 1 root root 1002 May 26 01:18 stubby.log -rw-r--r-- 1 root root 103 May 25 14:16 usb.log -rw-r--r-- 1 root root 81 May 25 14:16 wan.log -rw-r--r-- 1 root root 58834 May 26 12:35 wlceventd.log -rw-r--r-- 1 root root 906 May 25 14:17 wsdd2.log -rw-r--r-- 1 root root 87 May 25 14:17 zcip_client.log