From Fedora Project Wiki
Description
Remote logging happens when the operating system logs events and errors to a different machine (server) over the network. This test case shows whether remote logging can be set up in a Fedora Server environment using system packages available after the installation.
Setup
- Run the default installation of Fedora Server on two different machines, either bare metal or virtual.
- When the systems are installed, check the following steps (3 and 4) on both machines.
- Check that
rsyslog
is installed on both machines.rpm -q rsyslog
- Check that the
rsyslog.service
is up and running.systemctl status rsyslog.service
- If not, enable the service and start it.
systemctl enable --now rsyslog.service
- On the server, edit the
/etc/rsyslog.conf
file.vi /etc/rsyslog.conf
- In the file, uncomment the following lines:
module(load="imudp")
input(type="imudp" port="514")
- On the server, open the UDP port 514 for incoming traffic.
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload
- On the server, restart the
rsyslog.service
.systemctl restart rsyslog.service
- On the server, display the
/var/log/messages
so that it continues in the console.tail -f /var/log/messages
- On the client, edit the
/etc/rsyslog.conf
file.vi /etc/rsyslog.conf
- In the file, make sure, you have the following lines uncommented with proper settings included, such as
action(type="omfwd"
Target=192.168.122.201 Port="514" Protocol="udp")
where192.168.122.201
in an example IP address (replace with the actual address of your server). - On the client, restart the
rsyslog.service
.systemctl restart rsyslog.service
How to test
- On the client, run the following command to log a testing message.
logger user.warn This is a testing machine from the client.
- On the server, check that the message appears at the end of the
/var/log/messages
file.
Expected Results
The test should be considered successful, if the following is true.
- The
rsyslog
service is installed. - If
rsyslog.service
is not running by default, it can be started without any errors. - After you edit the configuration files, the service must be restarted without any errors.
- The client sends log messages to the server which displays them in the
/var/log/messages
.
Optional
You can also try sending log messages via the tcp protocol. In that case:
- The server's
/etc/rsyslog.conf
should have different lines uncommented, i.e.module(load="imtcp")
input(type="imtcp" port="514")
Restart the service again. - The server's firewall needs to have a tcp port 514 opened.
firewall-cmd --permanent --add-port=514/tcp
firewall-cmd --reload
- The client's configuration in
/etc/rsyslog.conf
has the Protocol property set to tcp. Restart the service again.