
Installing Rsyslog Central Server and Client : Shotgun Support


Installing Rsyslog Central Server and Client


Derek Tamsen
posted this on February 20, 2013 01:05 PM

Installing a Central Rsyslog Server


This document describes how to install rsyslog and configure it to receive logs from other senders/forwarders over TCP and UDP. It will cache the logs from the remote servers
under /var/log/rsyslog-central/$HOSTNAME

Disable syslog and remove old versions of rsyslog (CentOS 5)


CentOS 5 ships with syslog as its default logging service. This version is lacking in various features and can easily be replaced by rsyslog.
Stop syslog
$ sudo /etc/init.d/syslog stop
Disable syslog from starting at bootup
$ sudo chkconfig syslog off
Some installations of CentOS 5 may also contain an old version of rsyslog. Remove the old version as it will conflict with the newer version.
CentOS 5:
$ sudo yum erase rsyslog

Install Rsyslog
In CentOS 5 the rsyslog package we need is called "rsyslog5"
CentOS 5:
$ sudo yum install rsyslog5 rsyslog5-gnutls
CentOS 6 ships with rsyslog already installed and set as the default logging engine. However, let's make sure it is installed and at the latest available version.
$ sudo yum install rsyslog
Enable rsyslog and start it
$ sudo chkconfig rsyslog on && sudo /etc/init.d/rsyslog start

Create the CA and central rsyslog certs


Install the GnuTLS cert utils to generate the TCP TLS certificates. These will be used to secure the client -> server communications. The excellent rsyslog TLS docs were used for assistance.
$ sudo yum install gnutls-utils.x86_64
Next, generate a CA key to be used to sign the server and client certificates. DO NOT DISTRIBUTE THIS FILE
$ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog-ca.example.com.key
Fix up the permissions on the private key so it is only readable by root
$ sudo chmod 0600 /etc/pki/tls/private/syslog-ca.example.com.key
Now, generate the CA certificate and sign it with the private key. You will need to specify that this is a signing certificate which is part of an authority. Once the certificate is
created and signed you will need to distribute "/etc/pki/tls/certs/syslog-ca.example.com.crt" to all of the rsyslog systems. This will allow them to validate the peer they are
connecting with.
$ sudo certtool --generate-self-signed --load-privkey /etc/pki/tls/private/syslog-ca.example.com.key --bits 2048 --outfile /etc/pki/tls/certs/syslog-ca.example.com.crt
Create a private key for the central syslog server. DO NOT DISTRIBUTE THIS FILE
$ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog.example.com.key
Fix up the permissions on the private key so it is only readable by root
$ sudo chmod 0600 /etc/pki/tls/private/syslog.example.com.key
Then, generate the certificate signing request
$ sudo certtool --generate-request --bits 2048 --load-privkey /etc/pki/tls/private/syslog.example.com.key --outfile /etc/pki/tls/private/syslog.example.com.csr
Next, sign the syslog server certificate with the CA private key. When asked, answer that this cert will not be used as an authority and that it will be used for TLS web and client authentication.
$ sudo certtool --generate-certificate --bits 2048 --load-request /etc/pki/tls/private/syslog.example.com.csr --outfile /etc/pki/tls/certs/syslog.example.com.crt --load-ca-certificate /etc/pki/tls/certs/syslog-ca.example.com.crt --load-ca-privkey /etc/pki/tls/private/syslog-ca.example.com.key

Install the modified rsyslog configuration for the central rsyslog server
Take the attached configuration file and copy it to "/etc/rsyslog.conf". Then restart rsyslog to apply the changes. This will set up listeners on UDP and TCP ports 5544; messages received there will be
saved to /var/log/rsyslog-central/$HOSTNAME/syslog.log. It will also log any local messages to the usual places (/var/log/messages, /var/log/secure, /var/log/cron, etc).
central-rsyslog.conf
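
As an added example (not the attached central-rsyslog.conf and not Shotgun's own file), this is one way to write the listener setup described above in the legacy directive syntax of rsyslog 5. The paths and port 5544 come from this page; the permitted peer name syslog-client.example.com, the template name CentralPerHost and the secpath-replace option are assumptions.

```conf
# Added example, not the attached central-rsyslog.conf.

# TLS material created in the certificate steps above
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile   /etc/pki/tls/certs/syslog-ca.example.com.crt
$DefaultNetstreamDriverCertFile /etc/pki/tls/certs/syslog.example.com.crt
$DefaultNetstreamDriverKeyFile  /etc/pki/tls/private/syslog.example.com.key

# Local inputs (local socket and kernel messages)
$ModLoad imuxsock
$ModLoad imklog

# TCP listener on 5544: TLS only (mode 1), and the sender must present a
# certificate signed by the CA above whose name matches the permitted peer.
# Assumption: the shared client certificate was issued with the name
# syslog-client.example.com.
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer syslog-client.example.com
$InputTCPServerRun 5544

# UDP listener on 5544. imudp has no TLS, so anything arriving here is
# unauthenticated cleartext.
$ModLoad imudp
$UDPServerRun 5544

# One directory per sending host. HOSTNAME is taken from the message itself;
# secpath-replace (an assumption, not from the page) replaces any "/" in it
# so a sender cannot write outside /var/log/rsyslog-central.
$template CentralPerHost,"/var/log/rsyslog-central/%HOSTNAME:::secpath-replace%/syslog.log"

# Remote messages go to the per-host file and are then discarded so they
# do not also land in the local log files below.
:fromhost-ip, !isequal, "127.0.0.1" ?CentralPerHost
& ~

# Local messages go to the usual places
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
cron.*                                      /var/log/cron
```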

https://support.shotgunsoftware.com/entries/23195772-Installing-Rsyslog-Central-Ser... 14/12/2014

Rsyslog Forwarding Client Setup


This will log the usual things to the local logs, set up a forwarding queue to withstand network/service outages, and forward all messages to a remote host.

Client Configuration
Use the following steps, listed under the server setup instructions, to get a base configuration running on the client:
1. Disable syslog and remove old versions of rsyslog (CentOS 5)
2. Install Rsyslog
Once you have installed rsyslog and started it, generate a client certificate and modify the configuration to forward messages to the central syslog server.

Client Certificate Creation


Once rsyslog has been installed you will need to generate a client certificate. Currently, we only have one certificate that all the clients will share.
Generate the private keyfile for the client certificate.
$ sudo certtool --generate-privkey --bits 2048 --outfile /etc/pki/tls/private/syslog-client.example.com.key
Fix the permissions on the private key so only root can read it
$ sudo chmod 0600 /etc/pki/tls/private/syslog-client.example.com.key
Generate the certificate signing request
$ sudo certtool --generate-request --bits 2048 --load-privkey /etc/pki/tls/private/syslog-client.example.com.key --outfile /etc/pki/tls/private/syslog-client.example.com.csr
Fix the permissions on the csr so only root can read it.
$ sudo chmod 0600 /etc/pki/tls/private/syslog-client.example.com.csr
Sign the csr with the CA cert to authorize it.
$ sudo certtool --generate-certificate --bits 2048 --load-request /etc/pki/tls/private/syslog-client.example.com.csr --outfile /etc/pki/tls/certs/syslog-client.example.com.crt --load-ca-certificate /etc/pki/tls/certs/syslog-ca.example.com.crt --load-ca-privkey /etc/pki/tls/private/syslog-ca.example.com.key

Client Rsyslog Configuration


Once rsyslog is installed and a client certificate is saved on the server, install the modified rsyslog configuration. This will forward events to the central rsyslog server.
Edit the client syslog configuration. Use the attached file for the config file: https://support.shotgunsoftware.com/attachments/token/rgtigwkit4wmywi/?name=rsyslog.conf-client
$ sudo vi /etc/rsyslog.conf
rsyslog.conf-central
rsyslog.conf-client
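
As an added example (not the attached rsyslog.conf-client and not Shotgun's own file), this is one way to write the forwarding client described above in the legacy directive syntax of rsyslog 5. The certificate paths and port 5544 come from this page; the server name syslog.example.com, the queue file name fwd-central, the 1g disk limit and the /var/lib/rsyslog work directory are assumptions.

```conf
# Added example, not the attached rsyslog.conf-client.

# TLS material: the CA certificate distributed from the central server and
# the client certificate and key generated above
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile   /etc/pki/tls/certs/syslog-ca.example.com.crt
$DefaultNetstreamDriverCertFile /etc/pki/tls/certs/syslog-client.example.com.crt
$DefaultNetstreamDriverKeyFile  /etc/pki/tls/private/syslog-client.example.com.key

# Local inputs (local socket and kernel messages)
$ModLoad imuxsock
$ModLoad imklog

# Log the usual things to the local logs
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
cron.*                                      /var/log/cron

# Forwarding queue: an in-memory linked list that spills to disk in the work
# directory while the central server is unreachable, retries forever, and
# is saved across restarts. These directives apply to the next action only.
# Assumption: /var/lib/rsyslog exists and is writable by rsyslog.
$WorkDirectory /var/lib/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwd-central
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

# Send over TLS only (mode 1) and refuse to talk to a server whose
# certificate is not signed by the CA above or does not carry the expected
# name. Assumption: the server certificate was issued with the name
# syslog.example.com.
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer syslog.example.com

# "@@" is TCP (a single "@" would be UDP, which cannot use TLS)
*.* @@syslog.example.com:5544
```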
