# How to send logs from Local syslog to a remote syslog Server
This README shows how to set up a remote syslog server to host logs and how to send logs to it from a client's local syslog.
### Remote Syslog Server Configuration (the server will receive logs from the client):
* Install rsyslog server if it is not installed:
`$ sudo apt install rsyslog`
* Check the rsyslog state:
`$ sudo service rsyslog status`
* If rsyslog isn’t active, start it by running the following command:
`$ sudo service rsyslog start`
or
`$ sudo systemctl start rsyslog`
* Edit the file "/etc/rsyslog.conf" using the nano editor:
`$ sudo nano /etc/rsyslog.conf`
* Within the config file, uncomment or add the following lines (UDP/TCP):
`module(load="imudp")`
`input(type="imudp" port="514")`
`module(load="imtcp")`
`input(type="imtcp" port="514")`
* Save and close the config file after completing the modifications ("ctrl+s", then "ctrl+x")
* Edit firewall rules to allow incoming logs through TCP/UDP:
`$ sudo ufw allow 514/tcp`
`$ sudo ufw allow 514/udp`
* Restart rsyslog service by running the following command:
`$ sudo service rsyslog restart`
### Local Syslog Configuration (the client has logs that need to be sent to a remote syslog server):
* Install rsyslog server if it is not installed:
`$ sudo apt install rsyslog`
* Check the rsyslog state:
`$ sudo service rsyslog status`
* If rsyslog isn’t active, start it by running either of the following commands:
`$ sudo service rsyslog start`
or
`$ sudo systemctl start rsyslog`
* Edit the file "/etc/rsyslog.conf" using the nano editor:
`$ sudo nano /etc/rsyslog.conf`
* Add the following line, replacing the IP "18.223.3.241" with the remote syslog server IP:
`*.* @@18.223.3.241:514`
* Save and close the config file after the modifications ("ctrl+s", then "ctrl+x")
* Restart the rsyslog service by running:
`$ sudo service rsyslog restart`
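
To audit what a client actually forwards, the script below (an added example, not part of the original readme) lists every legacy-style forwarding rule in an rsyslog config together with its transport: `@@` forwards over TCP, a single `@` over UDP. The function names and the sample config are constructed for illustration; every address other than the readme's "18.223.3.241" is a documentation placeholder.

```bash
#!/bin/sh
# Added example: report forwarding rules ("selector @host" / "selector @@host")
# found in an rsyslog config, one "selector proto host port" line per rule.

# list_forwards [FILE] -> reads FILE (or stdin when no FILE is given)
list_forwards() {
  awk '
    /^[ \t]*#/ { next }                        # ignore commented-out rules
    NF >= 2 && $2 ~ /^@/ {
      target = $2
      proto = (target ~ /^@@/) ? "tcp" : "udp" # @@ means TCP, @ means UDP
      sub(/^@+/, "", target)
      sub(/^\([^)]*\)/, "", target)            # drop options such as (z9)
      sub(/;.*$/, "", target)                  # drop a trailing ;template
      port = "514"                             # default when no port is given
      host = target
      if (target ~ /^\[/) {                    # bracketed IPv6 literal
        sub(/^\[/, "", host); sub(/\].*$/, "", host)
        if (target ~ /\]:[0-9]+$/) { port = target; sub(/^.*\]:/, "", port) }
      } else if (target ~ /:[0-9]+$/) {        # host:port
        port = target; sub(/^.*:/, "", port)
        sub(/:[0-9]+$/, "", host)
      }
      print $1, proto, host, port
    }
  ' "${1:--}"
}

# Constructed sample config, not taken from a real host.
sample_config() {
  cat <<'EOF'
# forward everything to the central server over TCP
*.* @@18.223.3.241:514
auth,authpriv.* @192.0.2.10
#*.* @@198.51.100.7:6514
mail.* -/var/log/mail.log
kern.* @@[2001:db8::1]:10514
EOF
}

# Demo on the sample; on a real client run: list_forwards /etc/rsyslog.conf
sample_config | list_forwards
```

Any line reported as `udp` is sent without delivery guarantees, and any destination not on your list of log servers deserves a closer look.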