Logging is a critical aspect of Linux server management. Log messages are useful for root cause analysis and for preventing the same errors from recurring. Analyzing and debugging server errors is a core skill for both IT engineers and system administrators.
This guide will show you how to set up a remote logging server, also known as a log host, on Linux. A log host allows you to aggregate local Linux logs to a remote centralized server for ease of access and analysis.
source: https://www.makeuseof.com/set-up-linux-remote-logging-using-rsyslog/
You can create a syslog logging server as a VM or as a Docker container. Just allow a suitable amount of disk space.
sudo apt install rsyslog
sudo nano /etc/rsyslog.conf
Uncomment the following lines to enable syslog reception over UDP and TCP on port 514:
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
Add the following lines so that each sending host's messages are written to their own file:
$template remote-incoming-logs,"/var/log/remote/%HOSTNAME%.log"
*.* ?remote-incoming-logs
The log files will be stored here:
cd /var/log/remote
Configure your device to send its syslog messages to the syslog server's IP address on port 514, over TCP or UDP.
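To confirm that the log host accepts messages on both listeners, the following added example (not part of the original guide) sends one test message in RFC 3164 format over UDP or TCP and reports the file it should land in. The script name `send_test.py`, the tag `loghost-test` and the function names are assumptions made for this example; the expected path assumes the template is meant to write `/var/log/remote/<hostname>.log`.

```python
import socket
import sys
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_message(hostname, text, facility=1, severity=5, tag="loghost-test", now=None):
    """Build one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    if not hostname or any(c.isspace() or c == "/" for c in hostname):
        raise ValueError("hostname must be one token without whitespace or '/'")
    now = now or datetime.now()
    # RFC 3164 pads a single-digit day of month with a space, not a zero.
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    pri = facility * 8 + severity  # user.notice -> 1*8 + 5 = 13
    text = " ".join(text.splitlines())  # keep the message on a single line
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("utf-8")

def expected_log_path(hostname):
    """File the template should write for this sender (assumed layout)."""
    return f"/var/log/remote/{hostname}.log"

def send_test(server, hostname, text, protocol="udp", port=514, timeout=3.0):
    """Send one test message to the log host and return the bytes sent."""
    payload = build_message(hostname, text)
    if protocol == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (server, port))
    elif protocol == "tcp":
        payload += b"\n"  # imtcp splits a TCP stream into messages at newlines
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(payload)
    else:
        raise ValueError("protocol must be 'udp' or 'tcp'")
    return payload

if __name__ == "__main__":
    # Usage: python3 send_test.py <log-host-ip> [udp|tcp]
    host = socket.gethostname()
    proto = sys.argv[2] if len(sys.argv) > 2 else "udp"
    send_test(sys.argv[1], host, "remote logging test", protocol=proto)
    print(f"sent over {proto}; on the log host check {expected_log_path(host)}")
```

A UDP send succeeds even when nothing is listening, so the only proof of delivery is the new line in the file on the log host; a TCP send fails immediately if port 514 is closed or filtered.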