Maybe some of you are unfamiliar with the term syslog server. Indeed, it is not a server that is commonly talked about, but if you want to broaden your insight into the world of servers, there is nothing wrong with knowing about it. A syslog server matters because it is where syslog data from other machines is collected and stored.
Before reading further, for those of you who want to know more about Netdata, you can contact us directly via the link below.
Alright, let's discuss the syslog server in computer networks and how to install it on Linux and also on Windows.
Explanation and Usability of Syslog Server
Before discussing the syslog server, what you should know is what syslog data is. Syslog (System logging protocol) is the protocol a computer system uses to send log messages to a central location for storage. The logs can then be accessed by analysis and reporting software to perform auditing, monitoring, troubleshooting, and other critical IT operational tasks.
These log messages include a timestamp, severity rating, device ID (including IP address), and information specific to the event. Despite its drawbacks, the syslog protocol is widely implemented because it is easy to implement, and quite open, allowing many different proprietary implementations, and thus the ability to monitor almost any connected device.
When it comes to installation, at first glance many people assume that this server can only be installed on Linux. However, if you are using a Windows OS, a syslog server can be installed there as well.
It should be noted, though, that a syslog server is natively available only on Linux. Installing one on Windows is more involved and requires a third-party application, because the standard syslog daemons are not written for that OS. Below we cover how to install a syslog server on Linux and then on Windows.
Installing Syslog Server on Linux OS
To install a syslog server on Linux, proceed as follows:
1. Install Rsyslog
Rsyslog is the default syslog daemon on Debian-based systems and is installed on Ubuntu 20.04 by default. You can verify this by checking the installed version of rsyslog:
# apt list -a rsyslog
If it is not installed, you can install it by running either of the following commands:
# sudo apt-get install rsyslog -y or sudo apt install rsyslog -y
2. Start the Syslog service
Once the installation is complete, start the Rsyslog service and enable it to start on system reboot:
# sudo systemctl start rsyslog
# sudo systemctl enable rsyslog
3. Set up the rsyslog server
Next, you need to set up the Rsyslog server to run in server mode, that is, to accept messages from other hosts. You can configure it by editing the /etc/rsyslog.conf file:
# sudo vi /etc/rsyslog.conf
Enter insert mode by pressing the I key.
Find the following lines in the MODULES section and uncomment them (remove the leading #) so that your server listens for syslog messages on UDP and TCP port 514; after editing they should read as shown below:
#### MODULES ####
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
4. Next, you need to add the following lines to receive and store incoming syslog messages, just below the input(type="imtcp" port="514") line. The template names one file per sending host and program; the second line applies it to every message:
$template RemInputLogs, "/var/log/remotelogs/%FROMHOST-IP%/%PROGRAMNAME%.log"
*.* ?RemInputLogs
5. Save and close the file: press Esc, then type :wq! and press Enter.
6. Then restart Rsyslog to apply changes:
# sudo systemctl restart rsyslog
7. Verify Rsyslog status with the following command:
# sudo systemctl status rsyslog
8. At this point, Rsyslog is running and listening on port 514. You can verify this with either of the following commands:
# ss -antpl | grep 514 or ss -4altunp | grep 514
9. If the firewall is running, open port 514 for rsyslog:
# sudo ufw allow 514/tcp
# sudo ufw allow 514/udp
10. Before you restart rsyslogd again, run a configuration check:
# rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.2001.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
If everything validates without errors, go ahead and restart rsyslog:
# sudo systemctl restart rsyslog
11. Once rsyslog is up and running, run the following command to watch the incoming logs:
# tail -f /var/log/syslog
12. Now see the Configuring Log Recipients article to configure LSS in the ZPA Admin Portal.
NOTE: This step will vary from case to case; in this environment the log producer happens to be the LSS (Log Streaming Service) of the ZPA (Zscaler Private Access) product.
13. Once the log receiver configuration is complete, you will see the logs arriving as described in step 11.
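Steps 3 to 10 above are a sequence of manual edits and commands. The script below is an added example, not code from the original post, that performs the same setup in one go: it writes the reception config as a drop-in under /etc/rsyslog.d/ (which the Debian/Ubuntu rsyslog.conf includes) rather than editing /etc/rsyslog.conf by hand, validates the result with rsyslogd -N1 before restarting, opens the firewall, and then confirms the listener from ss output. The file name 10-remote-input.conf, the APPLY and SENDER_NET variables and the sample ss output are assumptions of this example; the port, template and commands are the post's own. Because plain syslog over UDP/TCP carries no authentication, the firewall helper can restrict the rule to a known sender subnet instead of opening the port to everyone.

```shell
#!/bin/sh
# Added example, not code from the original post: the Linux steps above
# (listen on UDP/TCP 514, store per-host logs, validate, open the firewall,
# restart) as one script. It writes a drop-in under /etc/rsyslog.d/ instead
# of editing /etc/rsyslog.conf by hand; rsyslog.conf on Debian/Ubuntu
# includes that directory. Assumes Debian/Ubuntu, rsyslog 8, systemd and ufw.
set -eu

SYSLOG_PORT="${SYSLOG_PORT:-514}"                      # port used in the post
CONF="${CONF:-/etc/rsyslog.d/10-remote-input.conf}"    # drop-in path (assumed name)
SENDER_NET="${SENDER_NET:-}"                           # e.g. 192.0.2.0/24; empty = any host

# Write the reception config. Remote messages are stored per sender IP and
# program name with the same template the post uses; because there is no
# "stop", they still reach /var/log/syslog too, which is what step 11 tails.
write_remote_config() {
    out="$1"
    port="$2"
    cat > "$out" <<EOF
# Central syslog reception (generated; matches steps 3 and 4 of the post)
module(load="imudp")
input(type="imudp" port="$port")
module(load="imtcp")
input(type="imtcp" port="$port")

\$template RemInputLogs, "/var/log/remotelogs/%FROMHOST-IP%/%PROGRAMNAME%.log"
if \$fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemInputLogs")
}
EOF
}

# Step 10: parse the whole config (rsyslog.conf plus /etc/rsyslog.d/*) before
# restarting, so a typo never takes the log server down.
validate_config() {
    rsyslogd -N1 -f /etc/rsyslog.conf
}

# Step 8: check 'ss -4altunp' output for a UDP or TCP socket on the port.
# The output is passed in as text so the check also works on a captured sample.
listening_on_port() {
    port="$1"
    ss_output="$2"
    printf '%s\n' "$ss_output" | grep -Eq "^(udp|tcp)[[:space:]].*:$port[[:space:]]"
}

# Step 9: open the port. Plain syslog carries no authentication, so when the
# senders are known, limit the rule to their subnet instead of the whole world.
open_firewall() {
    port="$1"
    net="$2"
    if [ -n "$net" ]; then
        ufw allow from "$net" to any port "$port" proto tcp
        ufw allow from "$net" to any port "$port" proto udp
    else
        ufw allow "$port/tcp"
        ufw allow "$port/udp"
    fi
}

apply() {
    write_remote_config "$CONF" "$SYSLOG_PORT"
    validate_config
    open_firewall "$SYSLOG_PORT" "$SENDER_NET"
    systemctl restart rsyslog
    if listening_on_port "$SYSLOG_PORT" "$(ss -4altunp)"; then
        echo "rsyslog is listening on port $SYSLOG_PORT"
    else
        echo "no listener on port $SYSLOG_PORT; check 'systemctl status rsyslog'" >&2
        exit 1
    fi
}

# Constructed sample of 'ss -4altunp' output on a working server, used to
# exercise listening_on_port without touching the system.
SAMPLE_SS='udp   UNCONN 0      0          0.0.0.0:514      0.0.0.0:*    users:(("rsyslogd",pid=1234,fd=5))
tcp   LISTEN 0      25         0.0.0.0:514      0.0.0.0:*    users:(("rsyslogd",pid=1234,fd=7))
tcp   LISTEN 0      128        0.0.0.0:22       0.0.0.0:*    users:(("sshd",pid=800,fd=3))'

# Only change the system when asked explicitly, as root:
#   sudo APPLY=1 SENDER_NET=192.0.2.0/24 sh setup-rsyslog-server.sh
if [ "${APPLY:-0}" = "1" ]; then
    apply
fi
```

Running the script without APPLY=1 only defines the functions, so it can be sourced and tested safely; with APPLY=1 it changes the system and must run as root. Using a drop-in file keeps the distribution's /etc/rsyslog.conf untouched, which makes package upgrades and later reviews of what was changed much easier than edits scattered through the main file.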
Some Suitable Syslog Servers On Linux
There are many syslog servers available that can be installed on Linux. However, some of them are not a good fit for Linux and are better suited to installation on Windows servers.
Some suitable syslog servers on Linux are as follows:
- Graylog
Graylog is a log manager that you can install on Linux for free. However, you must understand that the free version has a limit on the volume of data it will ingest: it can only collect 5 GB of log data per day. Graylog uses a browser-based interface, which makes it easy to view what the server is processing.
- Logstash
Logstash is an open source tool that can be used on Linux for free. Logstash is the collector in its stack: it listens for messages and saves them. If we want more functionality, we can install Elasticsearch alongside it, which sorts and filters the data for analysis.
- Icinga 2
This is a free server, and the current version is the latest release. By installing this server we can check the variety of messages that are captured, and we can also load the stored messages into its viewer.
The syslog server model from Icinga is divided into two components: the processing component, called Icinga Core, and the front end, usually called Icinga Web 2.
- Syslog-NG
Another server is Syslog-NG. You can also get this server for free, and it is an open source project. This server is able to store messages into files.
- Fluentd
And the last one is Fluentd, which you can also install for free. With this server we need to add plugins to extend the capabilities of the tool.
However, Fluentd itself is just a system for data collection, so we need to add other front ends, for example Nagios, to get analysis and an interface for working with the data that Fluentd collects.
Some Syslog Server Recommendations For Windows
If you are using a Windows server, you will need a third-party application, because remember, the standard syslog daemon has no Windows version and exists only for Linux. For Windows, you can use one of the following servers.
- Kiwi Solarwinds
Like the others, this server is free. The Kiwi Solarwinds server in its free edition can monitor up to five devices. The package collects syslog messages as well as SNMP trap data. The server writes each message to a file and displays it in the viewer of its utility interface.
- Fastvue system
Fastvue is a server that is not only used to create log files but also to maintain them. The server monitors the size of each of our log files and reports when that size changes unexpectedly.
The server sorts the messages it stores into files by date and by your chosen criteria, and partitions the data according to the different devices.
- Paessler PRTG system
The next server is PRTG, which is a system for comprehensively monitoring infrastructure. Its data collection elements are sensors; we do not need to turn on all of the available sensors, and we can adjust the monitoring to focus on just one area of interest.
It is also a suitable syslog server to install on Windows for free. This server is a very basic server for 32-bit Windows systems.
In addition, this server also speaks a very insecure protocol that should not be exposed to the internet. However, it is a standard system for transferring small system files over a private network.
- WhatsUp gold
This is a network monitoring system whose vendor makes it available free of charge on Windows-based operating systems. This server organizes the files into a directory structure that makes it easier for us to search for data sets.
That was our discussion of the syslog server. Indeed, on closer inspection this is a complicated topic, but it will be very useful for those of you who need it. If you are interested in other information about servers and networks, you can visit the NetData website for more details.
NetData is a company that provides technology-based services with the best service and quality. If you are interested in working with us, you can contact us directly via this link or via our contact form here.