rsyslog on Nutanix

1. installing rsyslog server and rsyslog packages

# yum -y install rsyslog

2. configuring rsyslog

# vi /etc/rsyslog.conf

# Provides UDP syslog reception → UTP 포트
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception → TCP 포트
$ModLoad imtcp
$InputTCPServerRun 514

3. starting rsyslog service

# systemctl restart rsyslog.service

# netstat -antup | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 759/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 759/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 759/rsyslogd
udp6 0 0 :::514 :::* 759/rsyslogd

4. open service ports on firewall

#firewall-cmd — permanent — zone=public — add-port=514/tcp
#firewall-cmd — permanent — zone=public — add-port=514/udp
#firewall-cmd — reload

5. configuring rsyslog on client side

(1) rsyslog.conf

# vi /etc/rsyslog.conf

*.info;mail.none;authpriv.none;cron.none @192.168.1.93 ← rsyslog server

→ adding necessary modules (필요한 서비스에 맞게 모듈 구성)

(2) restaring rsyslog service

# systemctl restart rsyslog.service

(3) firewall

#firewall-cmd — permanent — zone=public — add-port=514/tcp
#firewall-cmd — permanent — zone=public — add-port=514/udp
#firewall-cmd — reload

6. Nutanix : rsyslog_config

(1) config rsyslog server : name - logServer

ncli> rsyslog-config add-server name=logServer ip-address=192.168.1.93 network-protocol=udp port=514

(2) adding modules

ncli> rsyslog-config create-module server-name=logServer module-name=STARGATE level=ALERT include-monitor-logs=false

- Module Name : CASSANDRA, CEREBRO, CURATOR, GENESIS, PRISM, STARGATE,

SYSLOG_MODULE, ZOOKEEPER, ACROPOLIS

- Level : DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY

(3) check configuration

ncli> rsyslog-config list-servers

Name : logServer

IP Address : 192.168.1.93

Port : 514

Protocol : UDP

Relp Enabled :

Module Name : ZOOKEEPER

Log Level : ALERT

Include Monitor Logs : true

Module Name : CASSANDRA

Log Level : ALERT

Include Monitor Logs : true

Module Name : CURATOR

Log Level : ALERT

Include Monitor Logs : true

Module Name : GENESIS

Log Level : ALERT

Include Monitor Logs : true

Module Name : PRISM

Log Level : ALERT

Include Monitor Logs : true

Module Name : STARGATE

Log Level : ALERT

Include Monitor Logs : true

Module Name : ACROPOLIS

Log Level : ALERT

Include Monitor Logs : true