The Pandora FMS syslog server needs a unique log storage log in which it will receive all the logs coming from the different configured devices so that later the syslog server will process them and send them to Elasticsearch.
In case we do not have the rsyslog service in the Pandora FMS server, we should install it:
yum -y install rsyslog
Once installed, we should have correctly configured the following parameters in the /etc/rsyslog.conf file:
# Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514
This way we will have enabled port 514 for listening and all the received logs will be written in /var/log/messages. In case we want to use a different file, we will modify it in that line. In the case of having firewall running in the system, we will have to have that port open.
Once configured correctly we will have to start the rsyslog service.
# systemctl start rsyslog
Once the service is started, the listening port will be raised and we will start receiving all the logs that we are sending from the different devices on the network.
tcp 0 0 0 0.0.0.0.0:514 0.0.0.0:* LISTEN 4096/rsyslogd
- See also:
https://pandorafms.com/manual/en/documentation/03_monitoring/09_log_monitoring