Configure Cloud Server Instance as Syslog Server (Ubuntu 16.04)

Cloud Server is cheaper. VPSDime 6GB RAM OpenVZ instance costs $7/month, Aruba Cloud 1GB instance VMWare instance costs 1 Euro/month. Here Are the Steps Describing How To Configure Cloud Server Instance as Syslog Server. We Used Ubuntu 16.04 and KeyCDN as Example Usage. RSYSLOG means the rocket-fast system for log processing. Rsyslog is a Free Software for forwarding log messages in an IP network.

 

General Steps to Configure Cloud Server Instance as Syslog Server

 

If you want to install latest version of rsyslog, then check instructions on their GitHub repo, also you’ll get commands for CentOS :

If you want to install as Ubuntu package, then run the immediately below commands to update, upgrade and install rsyslog :

 

Configure Cloud Server Instance as Syslog Server With KeyCDN

 

This cloud server node is rsyslog-server. CDN log is captured on this server like we see on KeyCDN dashboard :

We talked about KeyCDN before. Open rsyslog.conf file :

Open a custom config file :

You’ll add the following content with the modification of and /path/to/your/logfile;cdnlogs :

The above is correct setup, in case you /var/log/messages get flooded, add the above config before the entry of /var/log/messages rule on /etc/rsyslog.conf and empty the lines on /etc/rsyslog.d/10-custom.conf.

can be found as User ID from KeyCDN Account Details link on dashboard.

Restart rsyslog :

Also you need to configure syslog server from KeyCDN Dashboard, go to Account Settings, then Real-time Log Forwarding option menu. The log forwarding will take some time like 5-10 minutes.

If you run :

you’ll get new log entries. It is very important to keep the port 514 UDP open. To open via iptables, you need to run command like this :

Save iptables. Check networking :

Now we can use Elasticsearch and Logstash tools to transform, and store log data as next steps.