Este conteúdo não está disponível no idioma selecionado.
Chapter 14. Configuring a remote logging solution
To ensure that logs from various machines in your environment are recorded centrally on a logging server, you can configure the Rsyslog application to record logs that fit specific criteria from the client system to the server.
14.1. The Rsyslog logging service
				The Rsyslog application, in combination with the systemd-journald service, provides local and remote logging support in Red Hat Enterprise Linux. The rsyslogd daemon continuously reads syslog messages received by the systemd-journald service from the Journal. rsyslogd then filters and processes these syslog events and records them to rsyslog log files or forwards them to other services according to its configuration.
			
				The rsyslogd daemon also provides extended filtering, encryption protected relaying of messages, input and output modules, and support for transportation using the TCP and UDP protocols.
			
				In /etc/rsyslog.conf, which is the main configuration file for rsyslog, you can specify the rules according to which rsyslogd handles the messages. Generally, you can classify messages by their source and topic (facility) and urgency (priority), and then assign an action that should be performed when a message fits these criteria.
			
				In /etc/rsyslog.conf, you can also see a list of log files maintained by rsyslogd. Most log files are located in the /var/log/ directory. Some applications, such as httpd and samba, store their log files in a subdirectory within /var/log/.
			
14.2. Installing Rsyslog documentation
				The Rsyslog application has extensive online documentation that is available at https://www.rsyslog.com/doc/, but you can also install the rsyslog-doc documentation package locally.
			
Prerequisites
- 
						You have activated the AppStreamrepository on your system.
- 
						You are authorized to install new packages using sudo.
Procedure
- Install the - rsyslog-docpackage:- dnf install rsyslog-doc - # dnf install rsyslog-doc- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- Open the - /usr/share/doc/rsyslog/html/index.htmlfile in a browser of your choice, for example:- firefox /usr/share/doc/rsyslog/html/index.html & - $ firefox /usr/share/doc/rsyslog/html/index.html &- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
14.3. Configuring a server for remote logging over TCP
The Rsyslog application enables you to both run a logging server and configure individual systems to send their log files to the logging server. To use remote logging through TCP, configure both the server and the client. The server collects and analyzes the logs sent by one or more client systems.
With the Rsyslog application, you can maintain a centralized logging system where log messages are forwarded to a server over the network. To avoid message loss when the server is not available, you can configure an action queue for the forwarding action. This way, messages that failed to be sent are stored locally until the server is reachable again. Note that such queues cannot be configured for connections using the UDP protocol.
				The omfwd plug-in provides forwarding over UDP or TCP. The default protocol is UDP. Because the plug-in is built in, it does not have to be loaded.
			
				By default, rsyslog uses TCP on port 514.
			
Prerequisites
- Rsyslog is installed on the server system.
- 
						You are logged in as rooton the server.
- 
						The policycoreutils-python-utilspackage is installed for the optional step using thesemanagecommand.
- 
						The firewalldservice is running.
Procedure
- Optional: To use a different port for - rsyslogtraffic, add the- syslogd_port_tSELinux type to port. For example, enable port- 30514:- semanage port -a -t syslogd_port_t -p tcp 30514 - # semanage port -a -t syslogd_port_t -p tcp 30514- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: To use a different port for - rsyslogtraffic, configure- firewalldto allow incoming- rsyslogtraffic on that port. For example, allow TCP traffic on port- 30514:- firewall-cmd --zone=<zone-name> --permanent --add-port=30514/tcp firewall-cmd --reload - # firewall-cmd --zone=<zone-name> --permanent --add-port=30514/tcp success # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Create a new file in the - /etc/rsyslog.d/directory named, for example,- remotelog.conf, and insert the following content:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Save the changes to the /etc/rsyslog.d/remotelog.conffile.
- Test the syntax of the - /etc/rsyslog.conffile:- rsyslogd -N 1 - # rsyslogd -N 1 rsyslogd: version 8.1911.0-2.el8, config validation run... rsyslogd: End of config validation run. Bye.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Make sure the - rsyslogservice is running and enabled on the logging server:- systemctl status rsyslog - # systemctl status rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If - rsyslogis not enabled, ensure the- rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Your log server is now configured to receive and store log files from the other systems in your environment.
14.4. Configuring remote logging to a server over TCP
				You can configure a system for forwarding log messages to a server over the TCP protocol. The omfwd plug-in provides forwarding over UDP or TCP. The default protocol is UDP. Because the plug-in is built in, you do not have to load it.
			
Prerequisites
- 
						The rsyslogpackage is installed on the client systems that should report to the server.
- You have configured the server for remote logging.
- The specified port is permitted in SELinux and open in firewall.
- 
						The system contains the policycoreutils-python-utilspackage, which provides thesemanagecommand for adding a non-standard port to the SELinux configuration.
Procedure
- Create a new file in the - /etc/rsyslog.d/directory named, for example,- 10-remotelog.conf, and insert the following content:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where: - 
								The queue.type="linkedlist"setting enables a LinkedList in-memory queue,
- 
								The queue.filenamesetting defines a disk storage. The backup files are created with theexample_fwdprefix in the working directory specified by the preceding globalworkDirectorydirective.
- 
								The action.resumeRetryCount -1setting preventsrsyslogfrom dropping messages when retrying to connect if server is not responding,
- 
								The queue.saveOnShutdown="on"setting saves in-memory data ifrsyslogshuts down.
- The last line forwards all received messages to the logging server. Port specification is optional. - With this configuration, - rsyslogsends messages to the server but keeps messages in memory if the remote server is not reachable. A file on disk is created only if- rsyslogruns out of the configured memory queue space or needs to shut down, which benefits the system performance.
 Note- Rsyslog processes configuration files - /etc/rsyslog.d/in the lexical order.
- 
								The 
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
To verify that the client system sends messages to the server, follow these steps:
- On the client system, send a test message: - logger test - # logger test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- On the server system, view the - /var/log/messageslog, for example:- cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test - # cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where hostname is the host name of the client system. Note that the log contains the user name of the user that entered the - loggercommand, in this case- root.
14.5. Configuring TLS-encrypted remote logging
By default, Rsyslog sends remote-logging communication in the plain text format. If your scenario requires to secure this communication channel, you can encrypt it using TLS.
To use encrypted transport through TLS, configure both the server and the client. The server collects and analyzes the logs sent by one or more client systems.
				You can use either the ossl network stream driver (OpenSSL) or the gtls stream driver (GnuTLS).
			
If you have a separate system with higher security, for example, a system that is not connected to any network or has stricter authorizations, use the separate system as the certifying authority (CA).
				You can customize your connection settings with stream drivers on the server side on the global, module, and input levels, and on the client side on the global and action levels. The more specific configuration overrides the more general configuration. This means, for example, that you can use ossl in global settings for most connections and gtls on the input and action settings only for specific connections.
			
Prerequisites
- 
						You have rootaccess to both the client and server systems.
- The following packages are installed on the server and the client systems: - 
								The rsyslogpackage.
- 
								For the osslnetwork stream driver, thersyslog-opensslpackage.
- 
								For the gtlsnetwork stream driver, thersyslog-gnutlspackage.
- 
								For generating certificates by using the certtoolcommand, thegnutls-utilspackage.
 
- 
								The 
- On your logging server, the following certificates are in the - /etc/pki/ca-trust/source/anchors/directory and your system configuration is updated by using the- update-ca-trustcommand:- 
								ca-cert.pem- a CA certificate that can verify keys and certificates on logging servers and clients.
- 
								server-cert.pem- a public key of the logging server.
- 
								server-key.pem- a private key of the logging server.
 
- 
								
- On your logging clients, the following certificates are in the - /etc/pki/ca-trust/source/anchors/directory and your system configuration is updated by using- update-ca-trust:- 
								ca-cert.pem- a CA certificate that can verify keys and certificates on logging servers and clients.
- 
								client-cert.pem- a public key of a client.
- 
								client-key.pem- a private key of a client.
- If the server runs RHEL 9.2 or later and FIPS mode is enabled, clients must either support the Extended Master Secret (EMS) extension or use TLS 1.3. TLS 1.2 connections without EMS fail. For more information, see the Red Hat Knowledgebase solution TLS extension "Extended Master Secret" enforced.
 
- 
								
Procedure
- Configure the server for receiving encrypted logs from your client systems: - 
								Create a new file in the /etc/rsyslog.d/directory named, for example,securelogser.conf.
- To encrypt the communication, the configuration file must contain paths to certificate files on your server, a selected authentication method, and a stream driver that supports TLS encryption. Add the following lines to the - /etc/rsyslog.d/securelogser.conffile:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- If you prefer the GnuTLS driver, use the - StreamDriver.Name="gtls"configuration option. See the documentation installed with the- rsyslog-docpackage for more information about less strict authentication modes than- x509/name.
- Optional: From Rsyslog version 8.2310, which is provided in RHEL 9.4, you can customize the connection configuration. To do so, replace the - inputsection with the following:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
										Replace <driver>withosslorgtlsdepending on the driver you want to use.
- 
										Replace <ca1>with the CA certificate,<server1-cert>with the certificate, and<server1-key>with the key of the customized connection.
 
- 
										Replace 
- 
								Save the changes to the /etc/rsyslog.d/securelogser.conffile.
- Verify the syntax of the - /etc/rsyslog.conffile and any files in the- /etc/rsyslog.d/directory:- rsyslogd -N 1 - # rsyslogd -N 1 rsyslogd: version 8.1911.0-2.el8, config validation run (level 1)... rsyslogd: End of config validation run. Bye.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Make sure the - rsyslogservice is running and enabled on the logging server:- systemctl status rsyslog - # systemctl status rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - rsyslogservice:- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If Rsyslog is not enabled, ensure the - rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- 
								Create a new file in the 
- Configure clients for sending encrypted logs to the server: - 
								On a client system, create a new file in the /etc/rsyslog.d/directory named, for example,securelogcli.conf.
- Add the following lines to the - /etc/rsyslog.d/securelogcli.conffile:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- If you prefer the GnuTLS driver, use the - StreamDriver.Name="gtls"configuration option.
- Optional: From Rsyslog version 8.2310, which is provided in RHEL 9.4, you can customize the connection configuration. To do so, replace the - actionsection with the following:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 
										Replace <driver>withosslorgtlsdepending on the driver you want to use.
- 
										Replace <ca1>with the CA certificate,<client1-cert>with the certificate, and<client1-key>with the key of the customized connection.
 
- 
										Replace 
- 
								Save the changes to the /etc/rsyslog.d/securelogcli.conffile.
- Verify the syntax of the - /etc/rsyslog.conffile and other files in the- /etc/rsyslog.d/directory:- rsyslogd -N 1 - # rsyslogd -N 1 rsyslogd: version 8.1911.0-2.el8, config validation run (level 1)... rsyslogd: End of config validation run. Bye.- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Make sure the - rsyslogservice is running and enabled on the logging server:- systemctl status rsyslog - # systemctl status rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - rsyslogservice:- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If Rsyslog is not enabled, ensure the - rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- 
								On a client system, create a new file in the 
Verification
To verify that the client system sends messages to the server, follow these steps:
- On the client system, send a test message: - logger test - # logger test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- On the server system, view the - /var/log/messageslog, for example:- cat /var/log/remote/msg/<hostname>/root.log Feb 25 03:53:17 <hostname> root[6064]: test - # cat /var/log/remote/msg/<hostname>/root.log Feb 25 03:53:17 <hostname> root[6064]: test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where - <hostname>is the hostname of the client system. Note that the log contains the user name of the user that entered the logger command, in this case- root.
14.6. Configuring a server for receiving remote logging information over UDP
				The Rsyslog application enables you to configure a system to receive logging information from remote systems. To use remote logging through UDP, configure both the server and the client. The receiving server collects and analyzes the logs sent by one or more client systems. By default, rsyslog uses UDP on port 514 to receive log information from remote systems.
			
Follow this procedure to configure a server for collecting and analyzing logs sent by one or more client systems over the UDP protocol.
Prerequisites
- Rsyslog is installed on the server system.
- 
						You are logged in as rooton the server.
- 
						The policycoreutils-python-utilspackage is installed for the optional step using thesemanagecommand.
- 
						The firewalldservice is running.
Procedure
- Optional: To use a different port for - rsyslogtraffic than the default port- 514:- Add the - syslogd_port_tSELinux type to the SELinux policy configuration, replacing- portnowith the port number you want- rsyslogto use:- semanage port -a -t syslogd_port_t -p udp portno - # semanage port -a -t syslogd_port_t -p udp portno- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Configure - firewalldto allow incoming- rsyslogtraffic, replacing- portnowith the port number and- zonewith the zone you want- rsyslogto use:- firewall-cmd --zone=zone --permanent --add-port=portno/udp firewall-cmd --reload - # firewall-cmd --zone=zone --permanent --add-port=portno/udp success # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Reload the firewall rules: - firewall-cmd --reload - # firewall-cmd --reload- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Create a new - .conffile in the- /etc/rsyslog.d/directory, for example,- remotelogserv.conf, and insert the following content:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where - 514is the port number- rsysloguses by default. You can specify a different port instead.
- Verify the syntax of the - /etc/rsyslog.conffile and all- .conffiles in the- /etc/rsyslog.d/directory:- rsyslogd -N 1 - # rsyslogd -N 1 rsyslogd: version 8.1911.0-2.el8, config validation run...- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If - rsyslogis not enabled, ensure the- rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
14.7. Configuring remote logging to a server over UDP
				You can configure a system for forwarding log messages to a server over the UDP protocol. The omfwd plug-in provides forwarding over UDP or TCP. The default protocol is UDP. Because the plug-in is built in, you do not have to load it.
			
Prerequisites
- 
						The rsyslogpackage is installed on the client systems that should report to the server.
- You have configured the server for remote logging as described in Configuring a server for receiving remote logging information over UDP.
Procedure
- Create a new - .conffile in the- /etc/rsyslog.d/directory, for example,- 10-remotelogcli.conf, and insert the following content:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where: - 
								The queue.type="linkedlist"setting enables a LinkedList in-memory queue.
- 
								The queue.filenamesetting defines a disk storage. The backup files are created with theexample_fwdprefix in the working directory specified by the preceding globalworkDirectorydirective.
- 
								The action.resumeRetryCount -1setting preventsrsyslogfrom dropping messages when retrying to connect if the server is not responding.
- 
								The enabled queue.saveOnShutdown="on"setting saves in-memory data ifrsyslogshuts down.
- 
								The portnovalue is the port number you wantrsyslogto use. The default value is514.
- The last line forwards all received messages to the logging server, port specification is optional. - With this configuration, - rsyslogsends messages to the server but keeps messages in memory if the remote server is not reachable. A file on disk is created only if- rsyslogruns out of the configured memory queue space or needs to shut down, which benefits the system performance.
 Note- Rsyslog processes configuration files - /etc/rsyslog.d/in the lexical order.
- 
								The 
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If - rsyslogis not enabled, ensure the- rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
To verify that the client system sends messages to the server, follow these steps:
- On the client system, send a test message: - logger test - # logger test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- On the server system, view the - /var/log/remote/msg/hostname/root.loglog, for example:- cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test - # cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where - hostnameis the host name of the client system. Note that the log contains the user name of the user that entered the logger command, in this case- root.
14.8. Load balancing helper in Rsyslog
				When used in a cluster, you can improve Rsyslog load balancing by modifying the RebindInterval setting.
			
				RebindInterval specifies an interval at which the current connection is broken and is re-established. This setting applies to TCP, UDP, and RELP traffic. The load balancers perceive it as a new connection and forward the messages to another physical target system.
			
				RebindInterval is helpful in scenarios when a target system has changed its IP address. The Rsyslog application caches the IP address when the connection is established, therefore, the messages are sent to the same server. If the IP address changes, the UDP packets are lost until the Rsyslog service restarts. Re-establishing the connection ensures the IP is resolved by DNS again.
			
Example usage of RebindInterval for TCP, UDP, and RELP traffic
action(type="omfwd" protocol="tcp" RebindInterval="250" target="example.com" port="514" …) action(type="omfwd" protocol="udp" RebindInterval="250" target="example.com" port="514" …) action(type="omrelp" RebindInterval="250" target="example.com" port="6514" …)
action(type="omfwd" protocol="tcp" RebindInterval="250" target="example.com" port="514" …)
action(type="omfwd" protocol="udp" RebindInterval="250" target="example.com" port="514" …)
action(type="omrelp" RebindInterval="250" target="example.com" port="6514" …)14.9. Configuring reliable remote logging
				With the Reliable Event Logging Protocol (RELP), you can send and receive syslog messages over TCP with a much reduced risk of message loss. RELP provides reliable delivery of event messages, which makes it useful in environments where message loss is not acceptable. To use RELP, configure the imrelp input module, which runs on the server and receives the logs, and the omrelp output module, which runs on the client and sends logs to the logging server.
			
Prerequisites
- 
						You have installed the rsyslog,librelp, andrsyslog-relppackages on the server and the client systems.
- The specified port is permitted in SELinux and open in the firewall.
Procedure
- Configure the client system for reliable remote logging: - On the client system, create a new - .conffile in the- /etc/rsyslog.d/directory named, for example,- relpclient.conf, and insert the following content:- module(load="omrelp") *.* action(type="omrelp" target="_target_IP_" port="_target_port_") - module(load="omrelp") *.* action(type="omrelp" target="_target_IP_" port="_target_port_")- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where: - 
										target_IPis the IP address of the logging server.
- 
										target_portis the port of the logging server.
 
- 
										
- 
								Save the changes to the /etc/rsyslog.d/relpclient.conffile.
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If - rsyslogis not enabled, ensure the- rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Configure the server system for reliable remote logging: - On the server system, create a new - .conffile in the- /etc/rsyslog.d/directory named, for example,- relpserv.conf, and insert the following content:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where: - 
										log_pathspecifies the path for storing messages.
- 
										target_portis the port of the logging server. Use the same value as in the client configuration file.
 
- 
										
- 
								Save the changes to the /etc/rsyslog.d/relpserv.conffile.
- Restart the - rsyslogservice.- systemctl restart rsyslog - # systemctl restart rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Optional: If - rsyslogis not enabled, ensure the- rsyslogservice starts automatically after reboot:- systemctl enable rsyslog - # systemctl enable rsyslog- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
Verification
To verify that the client system sends messages to the server, follow these steps:
- On the client system, send a test message: - logger test - # logger test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- On the server system, view the log at the specified - log_path, for example:- cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test - # cat /var/log/remote/msg/hostname/root.log Feb 25 03:53:17 hostname root[6064]: test- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Where - hostnameis the host name of the client system. Note that the log contains the user name of the user that entered the logger command, in this case- root.
14.10. Supported Rsyslog modules
To expand the functionality of the Rsyslog application, you can use specific modules. Modules provide additional inputs (Input Modules), outputs (Output Modules), and other functionalities. A module can also provide additional configuration directives that become available after you load the module.
You can list the input and output modules installed on your system by entering the following command:
ls /usr/lib64/rsyslog/{i,o}m*
# ls /usr/lib64/rsyslog/{i,o}m*
				You can view the list of all available rsyslog modules in the /usr/share/doc/rsyslog/html/configuration/modules/idx_output.html file after you install the rsyslog-doc package.
			
14.11. Configuring the netconsole service to log kernel messages to a remote host
				When logging to disk or using a serial console is not possible, you can use the netconsole kernel module and the same-named service to log kernel messages over a network to a remote rsyslog service.
			
Prerequisites
- 
						A system log service, such as rsyslogis installed on the remote host.
- The remote system log service is configured to receive incoming log entries from this host.
Procedure
- Install the - netconsole-servicepackage:- dnf install netconsole-service - # dnf install netconsole-service- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Edit the - /etc/sysconfig/netconsolefile and set the- SYSLOGADDRparameter to the IP address of the remote host:- SYSLOGADDR=192.0.2.1 - # SYSLOGADDR=192.0.2.1- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- Enable and start the - netconsoleservice:- systemctl enable --now netconsole - # systemctl enable --now netconsole- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Verification
- 
						Display the /var/log/messagesfile on the remote system log server.