Share your love
Comprehensive Guide To Configure Rsyslog in AlmaLinux 8/9

This tutorial intends to teach you how to install and configure Rsyslog in AlmaLinux (System Logging in the AlmaLinux server). You can use both AlmaLinux 8 and AlmaLinux 9. Now let’s get familiar with Rsyslog and Configure Rsyslog in AlmaLinux with the guide steps below on the Orcacore website.
Table of Contents
What Is Rsyslog in Linux?
Rsyslog (Rocket-fast System for log processing) is a tool in Linux that is used for message logging. It has high performance and ships with excellent security.
Now follow the steps below to enable this amazing tool and Configure Rsyslog in AlmaLinux.
Steps To Configure Rsyslog in AlmaLinux
To Configure Rsyslog in AlmaLinux, you must have access to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can visit AlmaLinux Tutorials and check for the Initial Guides.
Then, follow the steps below to Configure Rsyslog in AlmaLinux.
Step 1 – Check if Rsyslog installed
First, you must check for your Rsyslog installation on your server y using the command below:
sudo systemctl status rsyslog
In my case, I get the following output:
Output
Unit rsyslog.service could not be found.
So we must install and enable Rsyslog.
Step 2 – Command To Install Rsyslog in AlmaLinux
At this point, you can use the following command to install the Rsyslog utility in AlmaLinux:
sudo dnf install rsyslog -y
In your output, you will see:
Output
Installed:
libestr-0.1.11-4.el9.x86_64 libfastjson-0.99.9-3.el9.x86_64
rsyslog-8.2102.0-113.el9_2.x86_64 rsyslog-logrotate-8.2102.0-113.el9_2.x86_64
Complete!
Step 3 – Enable Rsyslog in AlmaLinux
When your installation is completed, you must start and enable your Rsyslog service by using the following commands:
# sudo systemctl enable rsyslog
# sudo systemctl start rsyslog
Finally, verify your Rsyslog is active and running on AlmaLinux:
sudo systemctl status rsyslog

At this point, we want to show you how to Configure Rsyslog in AlmaLinux to send logs to another Rsyslog host over a TCP or UDP connection. This will in turn provide a centralized location for managing the logs.
Step 4 – Configure Rsyslog for Remote Logging over TCP
To Configure Rsyslog in AlmaLinux, you must configure your both server and client to use the TCP logging.
Configure AlmaLinux Server TCP Remote Logging
First, from your server, you must use a different TCP port and allow it through the firewall by using the command below:
# sudo firewall-cmd --zone=public --permanent --add-port=30514/tcp
# sudo firewall-cmd --reload
Then, allow the port through the SELinux with the command below:
sudo semanage port -a -t syslogd_port_t -p tcp 30514
Next, you must create a file in the /etc/rsyslog.d directory with your favorite text editor, we use vi editor:
sudo vi /etc/rsyslog.d/remotelog.conf
Add the following content to the file:
# Define templates before the rules that use them
# Per-Host templates for remote systems
template(name="TmplAuthpriv" type="list") {
constant(value="/var/log/remote/auth/")
property(name="hostname")
constant(value="/")
property(name="programname" SecurePath="replace")
constant(value=".log")
}
template(name="TmplMsg" type="list") {
constant(value="/var/log/remote/msg/")
property(name="hostname")
constant(value="/")
property(name="programname" SecurePath="replace")
constant(value=".log")
}
# Provides TCP syslog reception
module(load="imtcp")
# Adding this ruleset to process remote messages
ruleset(name="remote1"){
authpriv.* action(type="omfile" DynaFile="TmplAuthpriv")
*.info;mail.none;authpriv.none;cron.none
action(type="omfile" DynaFile="TmplMsg")
}
input(type="imtcp" port="30514" ruleset="remote1")
When you are done, save and close the file.
Now check for the Rsyslog syntax error with the command below:
rsyslogd -N 1
In your output, you should see:

Then, restart your Rsyslog service to apply the changes:
sudo systemctl restart rsyslog
Configure a Client for TCP Remote Logging
At this point, from your client machine, you must install and enable the Rsyslog service as shown in the above steps, and open the TCP port on your client machine for remote logging.
When you are done, create a Rsyslog file in your client machine with the command below:
sudo vi /etc/rsyslog.d/remotelog.conf
Add the following content to the file:
*.* action(type="omfwd"
queue.type="linkedlist"
queue.filename="example_fwd"
action.resumeRetryCount="-1"
queue.saveOnShutdown="on"
target="orcacore.com" port="30514" protocol="tcp"
)
When you are done, save and close the file.
The target specifies the server and port to receive the messages.
Then, restart your Rsyslog service on your client machine:
sudo systemctl restart rsyslog
Send a Test Message and Verify it from the Server
At this point, you can send a test message from your client’s machine with the following command:
sudo logger test
Next, from your AlmaLinux server, you can use the following command to verify that the message has been received:
sudo cat /var/log/remote/msg/hostname/root.log
Note: Remember to replace the hostname with the hostname of the client system. And replace the root with the user name of the user that entered the logger command on the client.
Step 5 – Configure Rsyslog for Remote Logging over UDP
Also, you can configure logging via UDP by configuring both the server and the client system. By default, port 514 is used for UDP, but you can configure a different port as we did for TCP.
The configuration steps are the same as the TCP. You just need to use the UDP port instead of TCP.
That’s it, you are done. For more information, you can visit Rsyslog Documentation.
What is the configuration file for Rsyslog in Linux?
The main configuration file for Rsyslog is /etc/rsyslog.conf. From there, you can specify global directives, modules, and rules that consist of filter and action parts.
Conclusion
At this point, you have learned to Install, Enable, and Configure Rsyslog in AlmaLinux. Configure Rsyslog for Remote Logging over TCP and UDP on both the Client and Server.
Hope you enjoy it. You may also interested in these articles: