Simple Syslog server setup in Windows and Ubuntu

syslog_server_setup

Skill - Simple Syslog server setup in Windows and Ubuntu

In this post we will setup a simple syslog server in windows and Debian based systems like Ubuntu

Syslog is a standard protocol to send logs or event messages to a logs storage server

There are many paid and free syslog server solutions for windows
Syslog Watcher is a free Syslog listener for windows that can view logs from various syslog sources that can be downloaded from here
Configure the Syslog Watcher to listen for syslogs at UDP port 514 as shown in the below image

syslog watcher config demo.png

rsyslog server is a robust production-ready opensource syslog server in ubuntu that can store logs in log files
rsyslog can be installed in ubuntu using the following command

sudo apt-get install rsyslog -y or sudo apt install rsyslog -y

rsyslog server can be started and enabled to start at system startup using the following commands

sudo systemctl start rsyslog
sudo systemctl enable rsyslog

rsyslog server can be configured using the configuration file located at /etc/rsyslog.conf
Make sure the following lines are present in the configuration file for listening at UDP port 514

module(load="imudp")
input(type="imudp" port="514")

Make sure the following lines are present in the configuration file below the listener configuration for specifying the logs storage files location

$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" 
*.* ?remote-incoming-logs
& ~

rsyslog server can be restarted after configuration changes using the following command

sudo systemctl restart rsyslog

sudo systemctl status rsyslog

If firewall is used in the server, allow listening on UDP 514 port using the following command

sudo ufw allow 514/udp

The video for this post can be seen here