Happy Thanksgiving everyone!
This week I’ve been hearing quite a bit about syslog and how much of a help it is when you’ve got multiple servers that need to be constantly monitored. Enter the long-standing solution, syslog. Syslog has been around forever, and like a lot of network administrators, when I first learned about syslog I didn’t have a need for it. I had so few computers back then that I didn’t see the point. Like so many others I passed it off as an interesting idea and filed it away in my brain for future use. That time has come. It started out with just a simple task that I had in my CCDC club: set up a centralized log. Once I found out how easy it was to set up, my mind started racing about all the things I could do with this. (It’s literally as simple as editing /etc/rsyslog.conf so that it points to your syslog server and then reloading the rsyslog service.) All of a sudden you gain insight into ALL of your computers and can see them all from one interface. Game changer!
With the things that have happened to the site over the past week, what I’ve learned recently from my cyber security classes and clubs, and this video, I decided that I should really start getting syslog up and running in my own home lab network.
Linux has a syslog client built into it (that is to say, software that can send system logs OUT to a syslog server), which typically comes in the form of the rsyslog package. Beyond that, there is the rsyslog server side. This can be installed on Windows or Linux, and here you have a lot of choices: there is Kiwi Syslog Server, and there are also Splunk, AlienVault, and more.
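To make the "edit /etc/rsyslog.conf and reload" step concrete, here is an added example (not from the original post) of the two halves of an rsyslog setup: the forwarding rule for a client and the receiving rules for the central server. The hostname `logserver.lab.example`, the directory `/var/log/remote` and the `fwdqueue` name are placeholders I chose; everything else is standard rsyslog (RainerScript) syntax.

```conf
##### CLIENT: append to /etc/rsyslog.conf (or a file in /etc/rsyslog.d/) #####

# Forward every facility/severity to the central server over TCP.
# TCP is preferred over UDP for monitoring: UDP ("*.* @host" / protocol="udp")
# silently drops messages when the network or server is busy.
action(
  type="omfwd"
  target="logserver.lab.example"   # placeholder hostname
  port="514"
  protocol="tcp"
  # Disk-assisted queue so logs are buffered locally if the server is
  # unreachable, instead of being lost.
  queue.type="LinkedList"
  queue.filename="fwdqueue"        # placeholder queue name
  queue.saveOnShutdown="on"
  action.resumeRetryCount="-1"     # retry forever rather than give up
)

##### SERVER: /etc/rsyslog.conf on the central log host #####

# Listen for TCP syslog on 514 (the same port the clients forward to).
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host and program, so each machine is easy to find.
template(name="PerHost"
         type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

# Anything that did not originate on this box goes to the per-host file
# and is then dropped so it does not also land in the local /var/log files.
if $fromhost-ip != "127.0.0.1" then {
  action(type="omfile" dynaFile="PerHost")
  stop
}
```

After editing either side, reload the service (`systemctl restart rsyslog` on systemd distributions) and confirm the listener is open on the server and that a test message from a client (`logger "syslog test"`) appears under `/var/log/remote/<hostname>/`. Remember that port 514 must be allowed through the server's firewall, and since this traffic is plaintext you should keep it on a trusted management network or add rsyslog's TLS support.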