Configure Linux Rsyslog Forwarding

Learn On Demand
Learn On Demand Pro Series

This Configure Linux Rsyslog Forwarding IT Pro Challenge helps learners understand how to use rsyslog on a Linux host for message forwarding, how to configure the firewall to allow incoming rsyslog messages, and how to use rsyslog to forward logs to a specified location.

Time: 1 hour
Difficulty: Intermediate

Overview

In this Configure Linux Rsyslog Forwarding IT Pro Challenge, learners will gain a basic understanding of how to use rsyslog to forward messages to a Linux host, how to verify that rsyslog is running, and how to configure the firewall to allow incoming messages. Learners will also use rsyslog to forward local and rule-based messages to the desired location, and will see how to use the syslog to verify that the correct messages were forwarded.

The skills acquired in this lab are important for anyone pursuing a career as a Linux or network administrator.

Overview

In this lab, you are the Linux administrator for your company, and you are tasked with using rsyslog to configure centralized logging for Linux hosts.

The rocket-fast system for log processing (rsyslog) is a utility for forwarding log messages. You will become comfortable using rsyslog to configure messaging between hosts, and you will learn how to send local messages. You will also learn rule-based messaging, where you forward only messages that contain a certain string. For example, you may want to forward only messages that contain the string “test” to another Linux host. You will verify that the messaging works as expected by sending test messages and then examining the syslog file.

Enable rsyslog incoming messages on Ubuntu2

First, you will configure a Linux server to receive log messages over TCP and UDP port 514, so that rsyslog is listening on UDP port 514 on that server. You will also verify that rsyslog is running on two Linux servers.

Forward Ubuntu1 log messages to Ubuntu2

Now you will learn how to forward two different types of logs: local and rule-based. First, you will configure one Linux host to forward all local messages to a second Linux host. Then, you will configure a host to forward only log messages that contain a specific string of text to another host. You will test your work by sending test log messages from one host to the other and verifying what is written to the syslog.
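
The receiver and sender sides described above, as an added example that is not taken from the lab's own materials. It assumes the hosts resolve as `ubuntu1` and `ubuntu2`, uses hypothetical drop-in file names, forwards over TCP, and takes the filter string "test" from the overview.

```conf
# ---- Receiver: ubuntu2 ----
# e.g. /etc/rsyslog.d/10-receive.conf (hypothetical file name)
# Load the UDP and TCP syslog inputs and listen on port 514 for each.
# If the distribution's /etc/rsyslog.conf already ships these lines
# commented out, uncomment them there instead of loading the modules twice.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# The host firewall on ubuntu2 must also allow 514/udp and 514/tcp inbound.
# Plain syslog on 514 is unauthenticated and unencrypted, so limit the
# firewall rule to the sending hosts rather than opening it to any source.

# ---- Sender: ubuntu1 ----
# e.g. /etc/rsyslog.d/50-forward.conf (hypothetical file name)

# Variant 1: forward every local message (any facility, any priority).
# "@@host:port" forwards over TCP; a single "@" forwards over UDP.
*.* @@ubuntu2:514

# Variant 2: rule-based forwarding. Forward only messages whose text
# contains the string "test". Enable this in place of variant 1;
# with both active, matching messages are sent twice.
#:msg, contains, "test" @@ubuntu2:514
```

After editing, restart rsyslog on both hosts with `systemctl restart rsyslog`. Then run `logger "test message"` on ubuntu1 and check `/var/log/syslog` on ubuntu2 for the entry.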

Summary Conclusion

By taking this lab, you will learn how to use rsyslog, how to verify rsyslog is running, and how to configure a Linux host to forward local log messages to another host, as well as how to forward specific logs (based on message content) to another Linux host.