Syslog server installation.

Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server.

Installation on debian distros

Most linux systems have syslog installed by default. If the service is not there, install the package sudo apt install rsylog

Configuration of syslog server

The default configuration file is /etc/rsyslog.conf

Edit the configuration file to allow remote device to send logs to the server

sudo nano /etc/rsyslog.conf

Add below lines if they are missing or uncomment if they are commented

module(load="imudp")
 input(type="imudp" port="514")

module(load="imtcp")
 input(type="imtcp" port="514")

This will cause the syslog messages sent by remote systems to be recorded in the default syslog file /var/log/syslog
We can give a directive to direct the logs to a different directory instead as defined below

$template remote-incoming logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
 *.* ?remote-incoming-logs
 & ~

Note: This template affects the local logs for this server too. While using this template the logs will be recorded in
/var/log/device-hostname/program-generating-the-log.log

Thus each device will have a separate directory. Save the config file and restart the service
sudo service rsyslog restart