Monitoring and logging
Configure remote syslog logging
Store logs on a remote host to protect log integrity from tampering or loss and ensure centralized storage. Enable automated alerts for suspicious activity.
- On each cluster node, prepare a configuration in the /etc/rsyslog.d/XX-remotelog file with the following content:
  *.* action(type="omfwd" queue.filename="fwdallfile" queue.maxdiskspace="1g" queue.saveonshutdown="on" queue.type="LinkedList" action.resumeRetryCount="-1" target="syslog.example.com" port="514" protocol="tcp")
- Restart syslogd:
  # systemctl restart rsyslog.service
Configure journald to send logs to rsyslog
Use rsyslog for consistent and reliable remote log collection. This standardizes journald log exports and simplifies long-term retention and analysis.
In the /etc/systemd/journald.conf file, add the following line:
ForwardToSyslog=yes
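
The following audit script is an added example, not part of the original procedure: it checks a node's files for the forwarding and queue settings shown above and for the journald option. The function names (has_param, audit_rsyslog, audit_journald) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one node for the settings this page prescribes.

# has_param FILE NAME VALUE: true if an uncommented line sets NAME="VALUE".
# The leading boundary keeps type= from matching inside queue.type=;
# -i is used because rsyslog parameter names are case-insensitive.
has_param() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eiq "(^|[[:space:](])$2=\"$3\""
}

# audit_rsyslog FILE: report each missing setting; exit status = number missing.
audit_rsyslog() {
    missing=0
    for kv in 'type=omfwd' 'protocol=tcp' 'target=[^"]+' 'port=[0-9]+' \
              'queue.type=LinkedList' 'queue.filename=[^"]+' \
              'queue.maxdiskspace=[^"]+' 'queue.saveonshutdown=on' \
              'action.resumeRetryCount=-1'; do
        if ! has_param "$1" "${kv%%=*}" "${kv#*=}"; then
            echo "rsyslog: ${kv%%=*} not set as expected in $1"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# audit_journald FILE: true if forwarding to syslog is enabled and uncommented.
# systemd accepts yes/true/on/1 as boolean "on" values.
audit_journald() {
    grep -Eq '^[[:space:]]*ForwardToSyslog=(yes|true|on|1)[[:space:]]*$' "$1"
}

# Constructed sample files: the page's action line with the queue and retry
# settings left out, and a journald.conf that still has the option commented.
demo_dir=$(mktemp -d)
cat > "$demo_dir/remotelog.conf" <<'EOF'
*.* action(type="omfwd" target="syslog.example.com" port="514" protocol="tcp")
EOF
printf '[Journal]\n#ForwardToSyslog=no\n' > "$demo_dir/journald.conf"

audit_rsyslog "$demo_dir/remotelog.conf" || echo "rsyslog settings missing: $?"
audit_journald "$demo_dir/journald.conf" || echo "journald: ForwardToSyslog is not enabled"
rm -rf "$demo_dir"
```

On a real node, pass the /etc/rsyslog.d/XX-remotelog file and /etc/systemd/journald.conf to the two functions. Without the queue and retry parameters, messages generated while syslog.example.com is unreachable or across a restart are not spooled to disk for later delivery, which is why the audit treats them as required.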