
Syslog Server

Posted: 2020/09/14 16:11:06
by zamoralan
Hello, I have a CentOS 7.6.1810 and I need to create a syslog server that receives syslog messages from a remote source and forwards its logs to a remote server, but does not send its own logs.

For example, I have this scenario:

A. Remote Syslog source (10.10.10.1)
B. Syslog Server (CentOS) (10.10.10.2)
C. Remote SIEM (20.20.20.1)

So, I need "B" to receive the logs from "A" and forward the logs from "A" to "C", but without sending its own logs ("B").

Can someone help me? I have very basic knowledge of Linux.

Re: Syslog Server

Posted: 2020/09/15 11:51:26
by jlehtone
Is forwarding the only thing that B does, or does it log (A's messages) too?

Package rsyslog provides rsyslog.service. Documentation can be read with:

man rsyslogd
man rsyslog.conf
and http://www.rsyslog.com/doc

I have no idea, whether rsyslog's rules can filter/forward as you want.
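
Added example, not part of the original thread: one way rsyslog can do what the first post asks is to bind the network listeners to a dedicated ruleset, so that only messages received from "A" reach the forwarding action and B's own logs stay in the default ruleset. The file name, the ruleset name `relay_to_siem`, the queue file name and the use of port 514 are assumptions; the stock `/etc/rsyslog.conf` is assumed to still include `/etc/rsyslog.d/*.conf` and to leave its own `imudp`/`imtcp` lines commented out.

```conf
# /etc/rsyslog.d/relay.conf  (hypothetical file name) on B (10.10.10.2)

# Load the network input modules. Local logging (imuxsock / imjournal)
# stays configured in /etc/rsyslog.conf and is not touched here.
module(load="imudp")
module(load="imtcp")

# Dedicated ruleset: only messages arriving on the listeners below are
# processed here. B's own messages enter through the local inputs, which
# use the default ruleset, so they never reach the forward action.
ruleset(name="relay_to_siem") {
    # Accept only the expected source "A"; anything else that reaches
    # port 514 is discarded instead of being relayed to the SIEM.
    if $fromhost-ip == '10.10.10.1' then {
        # Optional local copy of A's messages on B:
        # action(type="omfile" file="/var/log/remote-A.log")

        action(type="omfwd"
               target="20.20.20.1"      # "C", the remote SIEM
               port="514"
               protocol="udp"           # use "tcp" if the SIEM listens on TCP
               # Buffer to disk while the SIEM is unreachable.
               queue.type="LinkedList"
               queue.filename="fwd_siem"
               queue.maxDiskSpace="1g"
               queue.saveOnShutdown="on"
               action.resumeRetryCount="-1")
    }
    stop
}

# Listeners bound to the ruleset above instead of the default one.
input(type="imudp" port="514" ruleset="relay_to_siem")
input(type="imtcp" port="514" ruleset="relay_to_siem")
```

The syntax can be checked with `rsyslogd -N1` before restarting `rsyslog.service`, and port 514 has to be open in B's firewall for "A".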

Re: Syslog Server

Posted: 2020/09/15 15:15:37
by tunk
CentOS 7.6.1810 is out of date; you may want to run yum update to get 7.8.2003.