How to centralize server logs with Rsyslog?

1. Overview

Centralizing the logs of several servers on a single server is of real value for the security of an information system. Log analysis tools find it easier to compare, read and scan files that sit on one server than to do so remotely or through remote agents. Also, if a server crashes, the errors and actions that preceded the crash are still available on the log server, which makes both the restoration work and future security easier.

On most modern Linux systems the default log management tool is Rsyslog, and it is the one we will use in this tutorial. Here we will work on two machines running Debian 7, one acting as the server and the other as a “client” that sends its logs to the server. In both cases the configuration file to edit is /etc/rsyslog.conf. Alternatively, the settings can be placed in a file under /etc/rsyslog.d/ and pulled in with an include directive from the main configuration file.
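As an added illustration of the server/client split described above (example configuration, not the tutorial's own files), here are the two fragments dropped into /etc/rsyslog.d/ on each machine. They use the legacy directive syntax shipped with Debian 7's rsyslog 5.x; the file names, the client subnet 192.0.2.0/24 and the server address 203.0.113.10 are placeholders.

```rsyslog
### Server side: /etc/rsyslog.d/10-remote-input.conf (assumed file name)
# Receive over TCP, not UDP: UDP drops messages under load and accepts
# anything that reaches the port. Only the placeholder client subnet may send.
$ModLoad imtcp
$AllowedSender TCP, 192.0.2.0/24

# Write remote logs per sending host and per day, in their own ruleset,
# so one client cannot pollute another's files or the server's local logs.
$template RemoteHost,"/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log"
$RuleSet remote
*.* ?RemoteHost

# Bind the listener to that ruleset, start it, then return to the default
# ruleset so the rules later in rsyslog.conf still apply to local messages.
$InputTCPServerBindRuleset remote
$InputTCPServerRun 514
$RuleSet RSYSLOG_DefaultRuleset

### Client side: /etc/rsyslog.d/50-forward.conf (assumed file name)
# Spool forwarded messages to disk so nothing is lost while the server or
# the network is unreachable; local log files keep being written as usual.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwdq
$ActionQueueMaxDiskSpace 100m
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

# "@@" selects TCP; a single "@" would send over UDP. Placeholder server IP.
*.* @@203.0.113.10:514
```

After restarting rsyslog on both machines, a `logger` test message from the client should appear under /var/log/remote/<client-hostname>/ on the server.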