Cloud Server is cheaper. VPSDime 6GB RAM OpenVZ instance costs $7/month, Aruba Cloud 1GB instance VMWare instance costs 1 Euro/month. Here Are the Steps Describing How To Configure Cloud Server Instance as Syslog Server. We Used Ubuntu 16.04 and KeyCDN as Example Usage. RSYSLOG means the rocket-fast system for log processing. Rsyslog is a Free Software for forwarding log messages in an IP network.
General Steps to Configure Cloud Server Instance as Syslog Server
If you want to install latest version of rsyslog, then check instructions on their GitHub repo, also you’ll get commands for CentOS :
|
1 |
https://github.com/rsyslog/rsyslog |
If you want to install as Ubuntu package, then run the immediately below commands to update, upgrade and install rsyslog :
---
|
1 2 |
apt-get update apt-get install rsyslog |
Configure Cloud Server Instance as Syslog Server With KeyCDN
This cloud server node is rsyslog-server. CDN log is captured on this server like we see on KeyCDN dashboard :
We talked about KeyCDN before. Open rsyslog.conf file :
|
1 |
nano /etc/rsyslog.conf |
|
1 2 3 |
# find these two lines and make them active by uncommenting $ModLoad imudp $UDPServerRun 514 |
Open a custom config file :
|
1 |
nano /etc/rsyslog.d/10-custom.conf |
You’ll add the following content with the modification of /path/to/your/logfile;cdnlogs :
|
1 2 3 |
$template cdnlogs,"%msg%\n" :msg, contains, "|uid<userId>|" /path/to/your/logfile;cdnlogs & ~ |
The above is correct setup, in case you /var/log/messages get flooded, add the above config before the entry of /var/log/messages rule on /etc/rsyslog.conf and empty the lines on /etc/rsyslog.d/10-custom.conf.
Restart rsyslog :
|
1 |
service rsyslog restart |
Also you need to configure syslog server from KeyCDN Dashboard, go to Account Settings, then Real-time Log Forwarding option menu. The log forwarding will take some time like 5-10 minutes.
If you run :
|
1 |
tail -f /path/to/your/logfile |
you’ll get new log entries. It is very important to keep the port 514 UDP open. To open via iptables, you need to run command like this :
|
1 |
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT |
Save iptables. Check networking :
|
1 2 |
netstat -na | grep :514 tcpdump port 514 |
Now we can use Elasticsearch and Logstash tools to transform, and store log data as next steps.
Tagged With configure syslog on ubuntu for cloud app security automatic log upload , how forwarding windows log to ubuntu in the cloud , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1831 Rp8bOyoJPu0FRDKslUXSgWvbDQQMzjdS6uYuL0eZxe73s_XzLQmWV64vMVsKYzzU 9fb0f5404c042875e244dc941410215eaf065d54&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , install syslog server google cloud