Syslog permissions blocking Splunk Access | syslog splunk permissions /var/log/messages

Had a problem with Splunk not having permission to read /var/log/messages: syslog would change the file's permissions so that only root could read it and no one else. The fix is in the syslog config file. See below.

It should have an entry like this:

Pay particular attention to:

Then restart syslog.
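Assuming the syslog daemon is rsyslog, the entry in question is the set of global directives that fix the owner, group and mode of every file rsyslog creates. The script below is an added example, not the original post's config: it emits such a snippet and then audits whether a log file is actually readable by the Splunk user. The group name adm, the user name splunk, the drop-in path /etc/rsyslog.d/00-permissions.conf and rsyslog itself are all assumptions to adjust for your site.

```shell
#!/bin/sh
# Added example, not the original post's config. Assumes rsyslog (the legacy
# "$Directive" syntax below is accepted by every rsyslog release still in use)
# and a Splunk forwarder running as user "splunk" that has been added to the
# group owning the logs. Both names are assumptions: set LOG_GROUP and
# SPLUNK_USER for your site.
LOG_GROUP="${LOG_GROUP:-adm}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# Global directives that set owner, group and mode of every file rsyslog
# creates. They apply to newly created files only: an existing
# /var/log/messages keeps its old mode until you chgrp/chmod it or logrotate
# recreates it, and a "create 0600 root root" line in logrotate's config
# would tighten it again at the next rotation.
rsyslog_perm_snippet() {
    cat <<EOF
\$FileOwner root
\$FileGroup ${LOG_GROUP}
\$FileCreateMode 0640
\$DirCreateMode 0755
\$Umask 0022
EOF
}

# 0 if FILE is group-readable, 1 otherwise. Reads the mode string from
# ls -ld (column 5 is the group read bit), which works on GNU and BSD userland.
group_readable() {
    [ "$(ls -ld "$1" | cut -c5)" = "r" ]
}

# 0 if USER is a member of GROUP.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# Audit one log file: group-readable, owned by LOG_GROUP, and SPLUNK_USER is
# in that group. Prints the first failing check and returns 1.
audit_log_access() {
    f="$1"
    group_readable "$f" || { echo "$f is not group-readable"; return 1; }
    g=$(ls -ld "$f" | awk '{ print $4 }')
    [ "$g" = "$LOG_GROUP" ] || { echo "$f is owned by group $g, expected $LOG_GROUP"; return 1; }
    in_group "$SPLUNK_USER" "$LOG_GROUP" || { echo "$SPLUNK_USER is not in group $LOG_GROUP"; return 1; }
    echo "$f is readable by $SPLUNK_USER through group $LOG_GROUP"
}

# On the host itself (as root):
#   rsyslog_perm_snippet > /etc/rsyslog.d/00-permissions.conf
#   usermod -aG "$LOG_GROUP" "$SPLUNK_USER"
#   chgrp "$LOG_GROUP" /var/log/messages && chmod 0640 /var/log/messages
#   systemctl restart rsyslog        # or: service rsyslog restart
#   audit_log_access /var/log/messages
```

Keep the file root-owned and 0640 rather than making it world-readable: the point is to let one service account read the logs through a group, not to expose authentication failures and hostnames to every local user.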


Setup a central rsyslog server Howto | Setup a central log server

This document has the instructions required to set up a centralized log server. This should be a minimum requirement for every organization: it is a must-have tool for intrusion detection and incident response, because a copy of each host's logs lives off the host, where an attacker who compromises that host cannot quietly alter or delete it.

Server Setup

Install rsyslog and the vim text editor.

Edit the configuration file.

Ensure the configuration file has the following enabled.

Restart the service to allow the change of configuration to take effect.

The following command, netstat, lists the ports that are open and listening on the system. Port 514 should be open and listening, waiting for logs to be shipped from the client. Note the address it is bound to: 0.0.0.0 means any host that can reach the server can send it messages (over UDP, with a forged source address if it likes), so restrict port 514 to the client network with a firewall rule.

If port 514 appears open and listening, the server configuration is working correctly.
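The server side as an added, runnable example (not the howto's own config): it writes a listener config for UDP and TCP 514 that files each client's messages under a directory named after the client's source address, and it checks netstat output for the listener. The legacy rsyslog directive syntax, the paths /etc/rsyslog.d/10-central.conf and /var/log/remote, and the sample netstat lines (constructed, not captured from a real host) are all assumptions.

```shell
#!/bin/sh
# Added example, not the howto's own config. Assumes rsyslog with its legacy
# "$Directive" syntax, the drop-in path /etc/rsyslog.d/10-central.conf and
# the log path /var/log/remote (all assumptions; adjust for your site).

# Listener config for the central server: UDP and TCP on 514, which is what
# the netstat check in the howto expects to see.
rsyslog_server_conf() {
    cat <<'EOF'
# Accept syslog over UDP and TCP 514. rsyslog 7+ also accepts the equivalent
# module(load="imudp") / input(type="imudp" port="514") form.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# One file per sending host, named after the peer address (FROMHOST-IP), not
# the hostname in the message: the hostname is chosen by the sender, and a
# client could use it to write into another host's file.
$template PerHost,"/var/log/remote/%FROMHOST-IP%/messages.log"

# Anything that arrived over the network goes to its per-host file and
# nowhere else; local messages fall through to the normal rules.
# ("& stop" is rsyslog 7+; older releases spell the discard "& ~".)
:fromhost-ip, !isequal, "127.0.0.1" ?PerHost
& stop
EOF
}

# Read `netstat -tulnp` output on stdin and succeed (exit 0) if something is
# listening on PORT, printing the matching lines so the bind address is
# visible: 0.0.0.0 means every interface. Expects netstat's column layout
# (proto recv-q send-q local foreign [state] pid/program); `ss` differs.
port_listening() {
    awk -v pat=":$1\$" '
        $1 ~ /^tcp6?$/ && $4 ~ pat && $6 == "LISTEN" { print; found = 1 }
        $1 ~ /^udp6?$/ && $4 ~ pat                   { print; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample of `netstat -tulnp` output from a server where the
# config above is active (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      1234/rsyslogd
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN      900/sshd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           1234/rsyslogd
EOF
}

# On the server (as root):
#   rsyslog_server_conf > /etc/rsyslog.d/10-central.conf
#   systemctl restart rsyslog      # or: service rsyslog restart
#   netstat -tulnp | port_listening 514 || echo "nothing listening on 514"
```

Keeping the per-host path free of anything the sender controls (the hostname and program name both come from the message) is what stops a malicious client from steering its lines into another host's file. UDP is kept only because legacy devices often cannot do better; clients you administer should send over TCP, and the listener should be firewalled to the client subnet.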


Client Setup

Install rsyslog and the vim text editor.

Edit the configuration file.

Append the following line to the end of the configuration file. Change the IP address in the forwarding rule to the IP address of the rsyslog server configured earlier.

Restart rsyslog to allow the changes to take effect.

To test, issue the following command on the client and tail the logs on the rsyslog server.

You should see the quoted line appear in the server's logs.
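The client side, as an added example (not the howto's config) in the same legacy rsyslog syntax: forward_rule builds the one-line rule the howto appends, rsyslog_client_conf wraps it in a disk-assisted queue so messages logged while the server is unreachable are spooled rather than lost, and list_forward_targets parses a config to show where a host ships its logs. The server address 192.0.2.10, the drop-in path /etc/rsyslog.d/50-forward.conf, the spool directory /var/spool/rsyslog and the use of logger for the test message are assumptions.

```shell
#!/bin/sh
# Added example, not the howto's own config. Assumes rsyslog with its legacy
# "$Directive" syntax on the client; 192.0.2.10 (a documentation address) and
# the paths below are assumptions to replace with your own.

# Build the forwarding rule. One "@" forwards over UDP (fire and forget:
# silently lost while the server is down, source address spoofable); "@@"
# forwards over TCP, which is what hosts you control should use.
forward_rule() {
    proto="$1"; server="$2"; port="${3:-514}"
    case "$proto" in
        udp) printf '*.* @%s:%s\n'  "$server" "$port" ;;
        tcp) printf '*.* @@%s:%s\n' "$server" "$port" ;;
        *)   echo "forward_rule: proto must be udp or tcp" >&2; return 1 ;;
    esac
}

# Full client drop-in: TCP forward with a disk-assisted queue. While the
# server is unreachable, messages are spooled under /var/spool/rsyslog
# (up to 1g) and delivered when it returns; the queue is saved across
# restarts and rsyslog retries forever instead of dropping the action.
rsyslog_client_conf() {
    server="$1"
    cat <<EOF
\$WorkDirectory /var/spool/rsyslog
\$ActionQueueType LinkedList
\$ActionQueueFileName fwdq
\$ActionQueueMaxDiskSpace 1g
\$ActionQueueSaveOnShutdown on
\$ActionResumeRetryCount -1
$(forward_rule tcp "$server")
EOF
}

# Parse an rsyslog config on stdin and print "proto host port" for every
# legacy forwarding action, to audit where a host sends its logs.
# Bracketed IPv6 targets such as @@[2001:db8::1]:514 are not handled.
list_forward_targets() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        $2 ~ /^@@/ { sub(/^@@/, "", $2); proto = "tcp" }
        $2 ~ /^@/  { sub(/^@/,  "", $2); proto = "udp" }
        proto != "" {
            n = split($2, a, ":")                # host[:port]
            print proto, a[1], (n > 1 ? a[2] : 514)
            proto = ""
        }'
}

# On the client (as root):
#   rsyslog_client_conf 192.0.2.10 > /etc/rsyslog.d/50-forward.conf
#   systemctl restart rsyslog      # or: service rsyslog restart
#   logger -t fwdtest "forwarding test from $(hostname)"
# On the server, with the per-host template from the server example:
#   tail -f /var/log/remote/<client-ip>/messages.log
# To audit an existing client:
#   cat /etc/rsyslog.conf /etc/rsyslog.d/*.conf | list_forward_targets
```

The queue directives are the part most howtos leave out: without them a TCP forward that cannot connect will, depending on the release, either block other rules or drop messages, and the central server ends up with a gap exactly when a host was misbehaving.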