Monitoring and logging

Configure remote syslog logging

Store logs on a remote host to protect log integrity from tampering or loss and ensure centralized storage. Enable automated alerts for suspicious activity.

  1. On each cluster node, prepare a configuration in the /etc/rsyslog.d/XX-remotelog file with the following content:

    *.* action(type="omfwd" queue.filename="fwdallfile" queue.maxdiskspace="1g" queue.saveonshutdown="on" queue.type="LinkedList" action.resumeRetryCount="-1" target="syslog.example.com" port="514" protocol="tcp")
  2. Restart rsyslog:

    # systemctl restart rsyslog.service

Configure journald to send logs to rsyslog

Use rsyslog for consistent and reliable remote log collection. This standardizes journald log exports and simplifies long-term retention and analysis.

In the /etc/systemd/journald.conf file, add the following line:

    ForwardToSyslog=yes
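
To confirm that a node still matches both settings above, the following added example (not part of the original documentation) audits the two files. The script name check-logging.sh and the function names are assumptions made for this example; it reads only the files passed to it, so journald drop-in directories are not covered.

```shell
#!/bin/sh
# Added example: audit the two files configured above.
# Usage: sh check-logging.sh /etc/rsyslog.d/XX-remotelog /etc/systemd/journald.conf

# Print one parameter of the first uncommented omfwd action in an rsyslog file.
# Names and values are lower-cased; values containing spaces are not handled.
omfwd_param() {  # $1 = file, $2 = parameter name in lower case
    grep -v '^[[:space:]]*#' "$1" | tr 'A-Z' 'a-z' | grep 'type="omfwd"' |
        head -n 1 | tr ' ()' '\n\n\n' |
        sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | head -n 1
}

# Compare one parameter with the required value; an empty $3 accepts any value.
expect() {  # $1 = file, $2 = parameter, $3 = required value
    got=$(omfwd_param "$1" "$2")
    if [ -z "$got" ] || { [ -n "$3" ] && [ "$got" != "$3" ]; }; then
        echo "FAIL: $2 is '${got:-unset}', expected '${3:-any value}'"
        return 1
    fi
}

# The forwarding action must keep the settings that stop log loss when the
# remote host is unreachable: TCP, a disk-backed queue, and endless retries.
check_remotelog() {  # $1 = rsyslog drop-in file
    rc=0
    expect "$1" target ""                   || rc=1
    expect "$1" protocol tcp                || rc=1
    expect "$1" queue.type linkedlist       || rc=1
    expect "$1" queue.filename ""           || rc=1
    expect "$1" queue.saveonshutdown on     || rc=1
    expect "$1" action.resumeretrycount -1  || rc=1
    return "$rc"
}

# journald must forward to syslog; the last uncommented assignment wins.
check_journald() {  # $1 = journald.conf
    val=$(sed -n 's/^[[:space:]]*ForwardToSyslog[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    case $val in yes|true|1|on) return 0 ;; esac
    echo "FAIL: ForwardToSyslog is '${val:-unset}', expected 'yes'"
    return 1
}

# Run both checks only when the two file paths are given on the command line.
if [ "$#" -eq 2 ]; then
    s=0; check_remotelog "$1" || s=1; check_journald "$2" || s=1
    [ "$s" -eq 0 ] && echo "OK"; exit "$s"
fi
```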