How To Configure Graylog Client on CentOS 8 Linux

Step 1:

Open http://[your-graylog-server]:[portNumber]/system/inputs to look up the syslog input's settings, as shown in this example:

Syslog_UDP Syslog UDP 1 RUNNING
allow_override_date: true
bind_address: 10.10.10.100
expand_structured_data: false
force_rdns: false
number_worker_threads: 4
override_source: <empty>
port: 514
recv_buffer_size: 1048576
store_full_message: false

Step 2:

Configure the Linux client (CentOS 8 is used in this illustration)

# Check whether rsyslog exists and is running:
[root@linuxbox ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-12-16 23:49:45 PST; 17h ago
     Docs: man:rsyslogd(8)           
 Main PID: 1230 (rsyslogd)
    Tasks: 3 (limit: 48547)
   Memory: 100.6M
   CGroup: /system.slice/rsyslog.service
           └─1230 /usr/sbin/rsyslogd -n

# Configure syslog:

# Check whether there are existing configs
[root@linuxbox ~]# ls /etc/rsyslog.d
# Empty output means that there are no existing configurations

# Add a config file
graylogServer=your-graylog-server
port=514 # this port is default and may not be correct unless verified
protocol=udp # access http://your-graylog-server:9000/system/inputs to obtain this info
configFile=/etc/rsyslog.d/greylog.conf
if [ "$protocol" = udp ]
then
	prefix=@
else
	prefix=@@
fi
echo "*.* $prefix$graylogServer:$port;RSYSLOG_SyslogProtocol23Format"
cat << EOF > $configFile
*.* $prefix$graylogServer:$port;RSYSLOG_SyslogProtocol23Format
EOF
cat $configFile

# Restart rsyslog to apply the changes
systemctl restart rsyslog
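
The script above treats any protocol value other than udp as TCP, so a typo silently produces an @@ rule. The following is an added example, not part of the original post: it builds the same rule but rejects unknown protocols and bad ports, then checks the rsyslog configuration before restarting and sends a test message. The function names are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example; build_forward_rule and apply_forward_rule are hypothetical names.

# Print the forwarding rule, or fail if the server, port or protocol is not valid.
build_forward_rule() {
    server=$1 port=$2 protocol=$3
    case $protocol in
        udp) prefix=@ ;;     # single @ forwards over UDP
        tcp) prefix=@@ ;;    # double @ forwards over TCP
        *) echo "unsupported protocol: $protocol" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -n "$server" ] || { echo "server is empty" >&2; return 1; }
    printf '*.* %s%s:%s;RSYSLOG_SyslogProtocol23Format\n' "$prefix" "$server" "$port"
}

# Write the rule, validate the rsyslog configuration, restart, send a test message.
# Needs root. Call it explicitly, e.g.: apply_forward_rule your-graylog-server 514 udp
apply_forward_rule() {
    configFile=/etc/rsyslog.d/greylog.conf   # same file name as in the post
    rule=$(build_forward_rule "$1" "$2" "$3") || return 1
    printf '%s\n' "$rule" > "$configFile"
    # -N1 checks the configuration without starting the daemon
    if ! rsyslogd -N1; then
        rm -f "$configFile"                  # do not leave a broken config behind
        return 1
    fi
    systemctl restart rsyslog
    # This message goes to the local syslog and should then appear in Graylog
    logger -t graylog-test "rsyslog forwarding test from $(hostname)"
}
```

After calling apply_forward_rule, search for graylog-test in the Graylog web interface to confirm that the message arrived.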