=====RSyslog Server Configuration=====
It will be assumed that you have already upgraded your RSyslog via the [[user:ryoung12:portfolio:start#upgrading_to_rsyslog_v442-1|upgrade instructions]].
You need to install the MySQL plugin module for RSyslog so that it can communicate with the MySQL server.
Once the RSyslog-MySQL package has been installed, you will be asked a series of questions to create the MySQL database that RSyslog will use to store the log messages.
I selected yes.
You will then be prompted for the password of the MySQL "root" user, as set during our install of MySQL-server.
Next you will be asked to provide, and then confirm, a password for the user "rsyslog", which is the account RSyslog will use to connect to the MySQL database. Keep it handy: it goes into the ommysql line of /etc/rsyslog.conf later.
The RSyslog-MySQL plugin should now be installed and configured.
===Installing the RSyslog-GnuTLS plugin===
You need to install the GnuTLS plugin so that the syslog server can accept incoming TLS connections from the syslog clients.
On your CA, you need to generate a machine certificate for the RSyslog server machine.
On the Certificate Authority:
Create the private machine key.
Generate the certificate request for the public machine certificate. You will be asked to enter several pieces of information; you can press enter to skip any field, but the name you give the certificate must be the server's hostname as the clients will see it, because name-based peer authentication checks it.
I answered:
Once you have the request file for the public certificate, you can generate the public machine certificate. Again you will be asked to enter some information.
I entered:
You will then be shown the resultant certificate file and asked if the information is correct. I entered 'y'.
Delete the request.pem file, rename key.pem and cert.pem to machine-key.pem and machine-cert.pem (the names the configuration below expects), and restrict their permissions so that only the owner can read the private key.
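The CA-side steps above, scripted so that certtool takes its answers from a template file instead of prompting. This is an added example, not the page's own commands; it assumes the CA was built with GnuTLS certtool, that the CA key and certificate are in $CA_DIR as ca-key.pem and ca.pem, and that the server's name is syslog.student.lab (all of these are assumptions, adjust them to your lab).

```shell
#!/bin/sh
# Added example (not from the original page): non-interactive version of the
# certtool steps for the RSyslog server's machine certificate.
# Assumptions: the CA was set up with GnuTLS certtool, its files live in
# $CA_DIR, and the server is reachable by clients as $SERVER_FQDN.
set -eu

CA_DIR="${CA_DIR:-$HOME/ca}"                       # assumed: holds ca.pem and ca-key.pem
SERVER_FQDN="${SERVER_FQDN:-syslog.student.lab}"   # assumed; must fit the clients' permitted-peer pattern
WORK="${WORK:-$(mktemp -d)}"                       # where the new key/cert are written

# Write a certtool template so no interactive questions are asked.
# Usage: write_cert_template <fqdn> <outfile>
write_cert_template() {
    fqdn=$1; out=$2
    cat > "$out" <<EOF
organization = "Student Lab"
cn = "$fqdn"
dns_name = "$fqdn"
expiration_days = 365
tls_www_server
signing_key
encryption_key
EOF
}

# Key -> request -> CA-signed certificate, then the clean-up the page describes:
# drop the request, rename to the names rsyslog.conf will reference, lock down the key.
issue_machine_cert() {
    tmpl="$WORK/server.tmpl"
    write_cert_template "$SERVER_FQDN" "$tmpl"
    certtool --generate-privkey --bits 2048 --outfile "$WORK/key.pem"
    certtool --generate-request --template "$tmpl" \
        --load-privkey "$WORK/key.pem" --outfile "$WORK/request.pem"
    certtool --generate-certificate --template "$tmpl" \
        --load-request "$WORK/request.pem" \
        --load-ca-certificate "$CA_DIR/ca.pem" --load-ca-privkey "$CA_DIR/ca-key.pem" \
        --outfile "$WORK/cert.pem"
    rm -f "$WORK/request.pem"
    mv "$WORK/key.pem"  "$WORK/machine-key.pem"
    mv "$WORK/cert.pem" "$WORK/machine-cert.pem"
    chmod 400 "$WORK/machine-key.pem"     # private key: owner read-only
    chmod 444 "$WORK/machine-cert.pem"    # certificate is public
}

# Sanity check before shipping the cert: the name must appear in it,
# otherwise x509/name authentication on the other side will reject the peer.
# Usage: check_cert_name <cert.pem> <fqdn>
check_cert_name() {
    certtool --certificate-info --infile "$1" | grep -q "$2"
}

# Only run certtool when explicitly asked, so the functions can be sourced safely.
if [ "${1:-}" = "issue" ]; then
    issue_machine_cert
    check_cert_name "$WORK/machine-cert.pem" "$SERVER_FQDN" && echo "certificate ok in $WORK"
fi
```

Run it as `sh make-server-cert.sh issue` on the CA; the three files to copy to the RSyslog server are then ca.pem from $CA_DIR plus machine-key.pem and machine-cert.pem from $WORK. Copy the private key over an authenticated channel such as scp, never over plain syslog or HTTP.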
Now copy ca.pem, machine-key.pem, and machine-cert.pem to the RSyslog server (for example with scp, so the private key never travels in the clear).
Back on the RSyslog Server:
Put ca.pem, machine-key.pem, and machine-cert.pem in the /rsyslog/protected/ directory. You may need to create this directory first; keep it and the key file readable by root only, since the server's private key lives there.
Now we need to update our /etc/rsyslog.conf file. Note that the ommysql line at the end carries the MySQL password in the clear, so make sure the file is not world-readable.
$ModLoad imuxsock # local messages
$ModLoad imtcp # TCP listener
$ModLoad ommysql # MySQL plugin
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
# server authentication settings
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.student.lab
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
# MySQL database login settings
*.* :ommysql:127.0.0.1,Syslog,rsyslog,mSySs4qPl
===Restart the RSyslog Service===
Now we need to restart the RSyslog service to apply the changes.
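Before and after the restart it is worth checking that the configuration really enforces TLS and that messages actually reach the database. The script below is an added example, not part of the original page: preflight() greps the configuration above for the TLS-only, x509/name and PermittedPeer settings and checks the three PEM files and the key's permissions; restart_and_verify() does a parse-only check, restarts the service, confirms the listener on 10514 and pushes a marker message through imuxsock, the *.* rule and ommysql into the SystemEvents table that the rsyslog-mysql package creates. Paths, the service name "rsyslog", and the assumption that the database line is exactly the one shown above are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks, restart, and an
# end-to-end test of the MySQL output. Assumed: the config matches the one above,
# certificates are in /rsyslog/protected, and the service is called "rsyslog".
set -eu

CONF="${CONF:-/etc/rsyslog.conf}"
CERT_DIR="${CERT_DIR:-/rsyslog/protected}"

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Check that the config demands TLS (Mode 1), authenticates peers by certificate
# name, restricts which names are accepted, and that the PEM files are in place
# with the private key not readable by group/other.
# Usage: preflight <rsyslog.conf> <cert dir>; returns 0 when everything passes.
preflight() {
    conf=$1; dir=$2; ok=0
    grep -q '^\$DefaultNetstreamDriver gtls' "$conf" || { echo "gtls is not the default driver"; ok=1; }
    grep -q '^\$InputTCPServerStreamDriverMode 1' "$conf" || { echo "TLS not enforced (Mode 1 missing)"; ok=1; }
    grep -q '^\$InputTCPServerStreamDriverAuthMode x509/name' "$conf" || { echo "no x509/name peer auth"; ok=1; }
    grep -q '^\$InputTCPServerStreamDriverPermittedPeer' "$conf" || { echo "no PermittedPeer restriction"; ok=1; }
    for f in ca.pem machine-cert.pem machine-key.pem; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f"; ok=1; }
    done
    if [ -e "$dir/machine-key.pem" ]; then
        case "$(file_mode "$dir/machine-key.pem")" in
            400|600) ;;
            *) echo "machine-key.pem is readable by group/other"; ok=1 ;;
        esac
    fi
    return $ok
}

# Restart and prove the path end-to-end: a local message enters via imuxsock,
# matches the *.* rule, and is written by ommysql into SystemEvents.
restart_and_verify() {
    rsyslogd -N1 -f "$CONF"                  # parse-only check; non-zero exit on a bad config
    service rsyslog restart
    sleep 2
    ss -ltn | grep -q ':10514 ' || { echo "TLS listener not bound on 10514"; return 1; }
    marker="rsyslog-selftest-$$"
    logger -t selftest "$marker"
    sleep 1
    # Pull the password from the ommysql line so it is not duplicated in this script.
    dbpass=$(sed -n 's/^\*\.\* :ommysql:127\.0\.0\.1,Syslog,rsyslog,//p' "$CONF")
    mysql -u rsyslog -p"$dbpass" Syslog \
        -e "SELECT ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents WHERE Message LIKE '%$marker%';" \
        | grep -q "$marker"
}

# Only touch the live system when explicitly asked.
if [ "${1:-}" = "run" ]; then
    preflight "$CONF" "$CERT_DIR"
    restart_and_verify && echo "syslog server OK: TLS listener up, message stored in MySQL"
fi
```

Run it as root with `sh check-rsyslog.sh run`. Passing `-p"$dbpass"` on the mysql command line exposes the password in the process list for the duration of the query; on a shared host put the credentials in a root-only option file and use `--defaults-extra-file` instead.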
That's it. Our syslog server is configured. Later we'll come back and install LogAnalyzer, a PHP-powered graphical front end for viewing and searching the log files stored in the syslog database.