Configuring a Syslog Server
Here are the instructions to send /var/log/logintc/authenticate.log and /var/log/radius/radius.log to your syslog server.
SSH into the LoginTC RADIUS Connector, then:
1. Modify /etc/rsyslog.conf:
sudo vi /etc/rsyslog.conf
2. Add the following line in the "#### MODULES ####" section:
$ModLoad imfile
3. Example:
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
$ModLoad imfile
4. Save and quit from /etc/rsyslog.conf:
:wq
5. Create a new configuration for authenticate.log:
sudo vi /etc/rsyslog.d/logintc.authenticate.conf
Contents:
$InputFileName /var/log/logintc/authenticate.log
$InputFileTag logintc-authenticate
$InputFileStateFile logintc-authenticate-file1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePersistStateInterval 1000
# Must come last: activates the monitor with the settings above
$InputRunFileMonitor
6. Save and quit from /etc/rsyslog.d/logintc.authenticate.conf:
:wq
7. Create a new configuration for radius.log:
sudo vi /etc/rsyslog.d/logintc.radius.conf
Contents:
$InputFileName /var/log/radius/radius.log
$InputFileTag logintc-radius
$InputFileStateFile logintc-radius-file1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePersistStateInterval 1000
# Must come last: activates the monitor with the settings above
$InputRunFileMonitor
8. Save and quit from /etc/rsyslog.d/logintc.radius.conf:
:wq
9. Restart rsyslog:
sudo service rsyslog restart
To test, perform a login that uses the appliance, then run:
sudo cat /var/log/messages | grep -i logintc
You should see some logs starting to show up in /var/log/messages.
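A check that can be run on the snippets from steps 5 and 7 before the restart in step 9, added here as an example (it is not LoginTC's or rsyslog's own tooling): it verifies that each legacy imfile block sets a file name, tag and state file before $InputRunFileMonitor, that nothing is set after it, and that no state file name is reused. The function names and the sample snippets written by demo are constructed for illustration.

```shell
# Added example: lint legacy imfile snippets; one line per problem, exit 1 if any.
check_imfile_confs() {
    awk '
    function flush_pending(   k) {
        # Settings left over at end of file were never activated there.
        for (k in pending) {
            printf "%s: %s is not followed by $InputRunFileMonitor\n", file, k
            bad = 1
        }
        split("", pending)
    }
    FNR == 1 { if (file != "") flush_pending(); file = FILENAME }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $1 == "$InputFileStateFile" {
        # Each monitored file needs its own state file name.
        if ($2 in state) {
            printf "%s: state file %s already used in %s\n", file, $2, state[$2]
            bad = 1
        }
        state[$2] = file
    }
    $1 ~ /^\$InputFile/ { pending[$1] = 1; next }
    $1 == "$InputRunFileMonitor" {
        # The monitor is created from the settings seen so far.
        n = split("$InputFileName $InputFileTag $InputFileStateFile", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in pending)) {
                printf "%s: %s missing before $InputRunFileMonitor\n", file, need[i]
                bad = 1
            }
        split("", pending)
    }
    END { if (file != "") flush_pending(); exit bad + 0 }
    ' "$@"
}
# Constructed sample (not from the appliance): both snippets share one state
# file, and the second sets an option after $InputRunFileMonitor.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '$InputFileName /var/log/logintc/authenticate.log' \
        '$InputFileTag logintc-authenticate' \
        '$InputFileStateFile logintc-file1' '$InputRunFileMonitor' > "$d/a.conf"
    printf '%s\n' '$InputFileName /var/log/radius/radius.log' \
        '$InputFileTag logintc-radius' '$InputFileStateFile logintc-file1' \
        '$InputRunFileMonitor' '$InputFilePersistStateInterval 1000' > "$d/b.conf"
    check_imfile_confs "$d/a.conf" "$d/b.conf" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "problems found (expected for the constructed sample)"
```

On the appliance, the same function can be pointed at /etc/rsyslog.d/logintc.authenticate.conf and /etc/rsyslog.d/logintc.radius.conf.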
Once confirmed, configure where the logs will be sent:
1. Modify /etc/rsyslog.conf:
sudo vi /etc/rsyslog.conf
2. For TCP forwarding, add the following line below "# remote host is..." at the end of the file (port 601):
*.* @@remote-host:601
For UDP forwarding, add the following line below "# remote host is..." at the end of the file (port 514):
*.* @remote-host:514
3. Example:
# remote host is: name/ip:port, e.g. 192.168.0.1:601, port optional
*.* @@remote-host:601
# ### end of the forwarding rule ###
NOTE: To send logs to multiple syslog servers, add one line per destination:
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @remote-host-1:514
*.* @remote-host-2:514
# ### end of the forwarding rule ###
4. Replace remote-host with the IP address of your syslog server.
5. Save and quit from /etc/rsyslog.conf:
:wq
6. Restart rsyslog:
sudo service rsyslog restart
The /var/log/logintc/authenticate.log and /var/log/radius/radius.log logs will now be sent to your syslog server.
NOTE: We always recommend taking a VM snapshot and backing up affected files for rollback procedures.