Prerequisites
Before setting up centralized logging, make sure you have:
- At least two VPS servers (one as log server)
- Root or sudo privileges on all servers
- UDP port 514 open
Part 1: Configure Log Server (Central Collector)
Connect to your central log server:
ssh hxroot@LOG_SERVER_IP -p 22Edit rsyslog configuration:
sudo nano /etc/rsyslog.confUncomment or add:
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")Create separate log files per remote host:
sudo nano /etc/rsyslog.d/remote.conftemplate(name="RemoteLogs" type="string" string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
*.* ?RemoteLogsRestart rsyslog:
sudo systemctl restart rsyslogAllow firewall:
sudo ufw allow 514/udp
sudo ufw allow 514/tcpPart 2: Configure Client Servers
Connect to your client VPS:
ssh hxroot@CLIENT_VPS_IP -p 22Edit rsyslog config:
sudo nano /etc/rsyslog.confAdd at the end:
*.* @LOG_SERVER_IP:514For TCP (more reliable):
*.* @@LOG_SERVER_IP:514Restart rsyslog:
sudo systemctl restart rsyslogStep 3: Test Log Forwarding
On client, generate a test log:
logger "Test log from $(hostname)"On log server, check:
sudo ls /var/log/remote/sudo tail -f /var/log/remote/CLIENT_HOSTNAME/syslog.logOptional: Encrypt Logs with TLS
For secure transmission, use rsyslog over TLS (advanced).
✅ Centralized logging configured. All logs are now collected on the log server.