rsyslog Server Installation & Configuration with MikroTik

Hi friends, today we will install the rsyslog server on Ubuntu, then connect it with MikroTik.
We will send TCP/UDP logs to the rsyslog server. These logs help us find any activity on our network. We will save the logs of any switch, system or other network equipment on the rsyslog server.
We will make this server a central syslog server, able to collect event logs, system logs, application logs, debugging logs, etc.

First we will download the Ubuntu ISO file and install it on a physical PC or in a VM. We will install it in VMware for testing purposes. After that we will attach the MikroTik to the rsyslog server.
You can download the Ubuntu ISO from the link below.

Now we will install Ubuntu in VMware. We create a virtual machine, set its hardware settings, then install Ubuntu into it. You can get help from my video by clicking Click Here.

After successful installation of Ubuntu we are ready to use the rsyslog server. This server is available by default in Ubuntu 20.04 LTS server. rsyslog will make a separate log file for every device. Once the rsyslog server is getting logs from every device, we will rotate the logs. Why is rotation necessary? When the log server receives logs from devices, the file size keeps increasing until logs can no longer be stored in the file and the syslog server crashes. That's why we need rotation: we define criteria and syslog follows them. We can set the file to rotate, or delete it, after a certain size. Criteria can also be based on a daily, weekly or monthly schedule.

The process begins:
First we will create a folder where we can save all logs and archives, then set the permissions so that the syslog user can access the folder.
mkdir /var/log/network-logs
chown syslog:adm /var/log/network-logs

# Create the log archive folder and set the correct permissions
mkdir /var/log/network-logs/logs-archive
chown syslog:adm /var/log/network-logs/logs-archive

Create a custom rsyslog config file that tells rsyslog where to save the logs.
The configuration below receives both TCP and UDP logs: TCP logs will be listened for on port "5140" and UDP logs on port "514".
You can modify this as per your need.
touch /etc/rsyslog.d/network-logs.conf
nano /etc/rsyslog.d/network-logs.conf
Paste the following into the file, then press Ctrl+X (and confirm) to save it.
#################
#### MODULES ####
#################

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="5140")

# Custom template: the log file name is generated from the sending device's resolved host name (%FROMHOST%); use %FROMHOST-IP% instead if you prefer the raw IP address.
$template RemoteInputLogs, "/var/log/network-logs/%FROMHOST%.log"
*.* ?RemoteInputLogs
Adding rotation.
The configuration below rotates logs after the defined criteria.
We will create a file for rotation:
touch /etc/logrotate.d/network-logs
Now we will open the rotation file and paste the directives below into it.
nano /etc/logrotate.d/network-logs
These directives set a criterion of a 1000 MB file: when the file size reaches 1000 MB, the file is rotated on a daily basis and the last 26 rotated files are kept.
/var/log/network-logs/*.log
{
        daily
        size 1000M            # rotate once the file exceeds 1000 MB
        copytruncate          # copy the file, then truncate it in place so rsyslog keeps writing
        create
        compress              # gzip the rotated copies
        olddir /var/log/network-logs/logs-archive   # move rotated files into the archive folder
        rotate 26             # keep the last 26 rotated files, delete older ones
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate     # tell rsyslog to reopen its log files
        endscript
}
All steps are done. Now we will restart the service by typing the commands below. First we check whether port 514 is listening or not.
netstat -lpntu | grep 514

service rsyslog restart
service logrotate restart

# run this command again to check the port
netstat -lpntu | grep 514
We will check the logs in the network-logs directory with the commands below (ls lists the files).
cd /var/log/network-logs/
ls
To see logs in real time, run tail -f with the related file name.
tail -f filename.log
tail -f _gateway.log
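To confirm the listener above is actually receiving, here is an added example (my own code, not from the post) that builds an RFC 3164 syslog line and sends it to the UDP 514 or TCP 5140 input configured above; the server address, facility and tag values are assumptions. Send from another machine on the LAN and watch the new per-host file with tail -f; remember that the %FROMHOST% template names the file after the sending address, not after the hostname field inside the message.

```python
import socket
import time

# RFC 3164 facility/severity codes; PRI = facility * 8 + severity.
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_NAME = {v: k for k, v in FACILITY.items()}
SEVERITY_NAME = {v: k for k, v in SEVERITY.items()}

def build_message(facility, severity, hostname, tag, text, when=None):
    """Return one BSD syslog line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG.
    `when` is epoch seconds (UTC, None = now); a one-digit day is space-padded."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    t = time.gmtime(time.time() if when is None else when)
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode()

def parse_pri(data):
    """Split a received line into (facility, severity, remainder) using its <PRI> prefix."""
    end = data.index(b">")
    pri = int(data[1:end])
    return FACILITY_NAME[pri // 8], SEVERITY_NAME[pri % 8], data[end + 1:]

def send(message, host, port, proto="udp"):
    """Deliver one message: UDP to the imudp port (514 above) or TCP to imtcp (5140 above)."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(message, (host, port))
    else:
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(message + b"\n")  # imtcp reads newline-delimited messages by default

def loopback_check():
    """Exercise build_message/send against a throwaway UDP listener on 127.0.0.1.
    Returns (payload intact?, sender address). rsyslog's %FROMHOST% file name is derived
    from this sender address, not from the hostname field inside the message."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))  # ephemeral port; binding 514 itself needs root
        srv.settimeout(2)
        msg = build_message("local0", "info", "mikrotik-test", "firewall", "loopback ok", when=0)
        send(msg, "127.0.0.1", srv.getsockname()[1])
        data, sender = srv.recvfrom(2048)
        return data == msg, sender[0]

if __name__ == "__main__":
    # Against the real server: send(build_message("local0", "info", "pc1", "test", "hello"), "SERVER_IP", 514)
    print(loopback_check())
```

The same check from a shell is `logger -n SERVER_IP -P 514 -d "test message"` with util-linux logger (`-T` instead of `-d` for TCP 5140).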
Set the date and time using the commands below:
timedatectl
timedatectl set-ntp yes
timedatectl set-timezone Asia/Karachi

Now we will configure syslog on the MikroTik.
You can see in my video how to send logs from MikroTik and save them on the rsyslog server.
Hope you like my effort.