Graylog Remote Source or Client or Host Configuration
Step 1:
Install rsyslog packages
yum install rsyslog
Step 2:
Configure rsyslog using template : open file and add at the bottom
vi /etc/rsyslog.conf
## For FQDN
$PreserveFQDN on
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
## Graylog Log Template
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %syslogtag%%msg%\n"
#Graylog Server With Port
*.* @172.17.20.100:5555;GRAYLOGRFC5424
Here:
*.* = all facility
@ = UDP & @@ = TCP
172.17.20.100 = Graylog Server
5555 = Port
GRAYLOGRFC5424 = Rsyslog Template
Step 3:
Restart rsyslog service
systemctl restart rsyslog
systemctl enable rsyslog
Step 4:
Login on Graylog Server and check on Source tab, Look like
