technical:remote_syslog_setup



I have been working on a simple syslog project to gather scanning data off of hosts around the internet and centralize it. There's no telling what I will do with the data at that point. It's a project I thought of a while back and I nicknamed it TopTalkers. Basically this is the setup I am going for, very simple: a remote syslog server with two hosts sending it traffic.

I would grow the idea from there with more hosts, and then I wanted to write the session data to a PostgreSQL database. Kind of a poor man's SIEM, or a smart man's method of not paying Cisco for Splunk or Microsoft for Sentinel.

I had worked on a project like this a couple of years (and versions of Debian) ago, and it was always a debate between rsyslog and syslog-ng. After setting up the three servers I logged into the syslog01 server and went into /var/log/, and things looked different. First off, there was a README file in the directory! That README is systemd's pointer to journalctl: since Debian 12 rsyslog is no longer installed by default, so there are no plain-text log files until you put a syslog daemon back.

I am going to move the sidebar conversation to the blog instead of taking up this whole technical discussion with a journald vs syslog debate. Alright, let's get back to some remote logging, shall we?


So I am going to start this off by installing rsyslog and UFW on the logger server, then go from there. I am using UFW for the basic firewall config; it makes building basic rules way easier.

root@logger01:~# apt install rsyslog ufw
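The configuration that the layout above describes (one logger, two hosts forwarding to it), as an added example that is not part of the original page. Only the package names come from the page; the address of logger01 (192.0.2.10), the sender network (198.51.100.0/24), the file names under /etc/rsyslog.d and the function names are all assumptions, with the addresses taken from the RFC 5737 documentation ranges so nothing real is pointed at.

```shell
#!/bin/sh
# Added example, not from this page: rsyslog and UFW configuration for the
# layout described above (one logger, two senders). Everything here is an
# assumption except the package names: logger01 is assumed to be 192.0.2.10
# and the senders are assumed to live in 198.51.100.0/24 (RFC 5737
# documentation ranges).
#
# Configs are written under $RSYSLOG_D (default /etc/rsyslog.d) so the
# functions can be pointed at a scratch directory and inspected without root.

RSYSLOG_D="${RSYSLOG_D:-/etc/rsyslog.d}"
LOGGER_IP="${LOGGER_IP:-192.0.2.10}"          # assumed address of logger01
SENDER_NET="${SENDER_NET:-198.51.100.0/24}"   # assumed network of the senders
UFW="${UFW:-ufw}"                             # set to "echo" for a dry run

# Logger side: listen on TCP/514 only. UDP silently drops lines under load
# and makes the source address trivially spoofable, which matters when the
# whole point is attributing scans to a sending host. Remote lines go to one
# file per sender instead of being mixed into the logger's own /var/log/syslog.
write_server_conf() {
    cat > "$RSYSLOG_D/10-remote.conf" <<'EOF'
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# /var/log/remote/<sending hostname>.log
template(name="RemoteFile" type="string"
         string="/var/log/remote/%HOSTNAME%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteFile"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}
EOF
}

# Sender side: forward everything to the logger over TCP with a disk-assisted
# queue, so a logger reboot or a stalled connection spools lines locally
# instead of dropping them. queue.filename relies on rsyslog's work directory
# (Debian's stock rsyslog.conf sets $WorkDirectory /var/spool/rsyslog).
write_client_conf() {
    cat > "$RSYSLOG_D/90-forward.conf" <<EOF
action(type="omfwd"
       target="$LOGGER_IP" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="fwd_logger01"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# Logger side: only the sender network may reach the listener; everything
# else stays behind UFW's default deny. Run as root, or set UFW=echo to preview.
ufw_allow_senders() {
    "$UFW" allow from "$SENDER_NET" to any port 514 proto tcp
}

# Parse-check a generated file with rsyslog's own config validator when it is
# installed; returns 0 on a clean parse (or when rsyslogd is absent).
check_conf() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$1" >/dev/null 2>&1
    fi
}

# Usage (as root on the respective hosts):
#   on logger01:  write_server_conf && check_conf "$RSYSLOG_D/10-remote.conf" \
#                 && ufw_allow_senders && systemctl restart rsyslog
#   on a sender:  write_client_conf && check_conf "$RSYSLOG_D/90-forward.conf" \
#                 && systemctl restart rsyslog
```

To confirm the path end to end, send a test line from one of the senders with util-linux's logger, which can talk to a remote host directly: `logger -n 192.0.2.10 -P 514 -T "hello from $(hostname)"`. On logger01, `ss -ltnp | grep ':514'` should show rsyslogd listening, and the line should turn up in /var/log/remote/<sender hostname>.log rather than in the logger's own /var/log/syslog.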
  • Last modified: 2025/06/04 04:26
  • by super_stunder