Open in app

Sign in

Write

Sign in

[ Tutorial Logs Forwarding ] Access.log to Syslog

Danang Tri Atmaja
1 min readSep 11, 2019

--

# nano /etc/rsyslog.conf

Add to your rsyslog configuration file :

*.* @172.xx.xx.xx:514
*.* @192.xxx.xx.xx:514

Description :

  1. 172.xx.xx.xx as your IP source log access.log
  2. 192.xxx.xx.xx as receiver your access.log

Add this command on line terminal rsyslog.conf

module(load="imfile" PollingInterval="10")

# Apache access file:
input(type="imfile"
      File="/var/log/apache2/access.log"
      Tag="apache-access"
      Severity="info")

# Apache error file:
input(type="imfile"
      File="/var/log/apache2/error.log"
      Tag="apache-error"
      Severity="info")

And then …

sudo service rsyslog restart

And see your log on syslog

# tail -f /var/log/syslog

exploit@exploit-X456UF  /var/log/apache2  tail -f /var/log/syslog
Sep 11 13:50:42 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:42 +0700] “GET / HTTP/1.1” 200 3477 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”
Sep 11 13:50:43 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:43 +0700] “GET /icons/ubuntu-logo.png HTTP/1.1” 304 180 “http://172.16.4.28/" “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”
Sep 11 13:50:43 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:43 +0700] “GET / HTTP/1.1” 200 3476 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”
Sep 11 13:50:43 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:43 +0700] “GET /icons/ubuntu-logo.png HTTP/1.1” 304 180 “http://172.16.4.28/" “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”
Sep 11 13:50:43 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:43 +0700] “GET / HTTP/1.1” 200 3476 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”
Sep 11 13:50:43 exploit-X456UF apache-access 172.16.4.28 — — [11/Sep/2019:13:50:43 +0700] “GET /icons/ubuntu-logo.png HTTP/1.1” 304 180 “http://172.16.4.28/" “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”

Regards, Danang TA

Docker
Rsyslog

--

--

Danang Tri Atmaja
Danang Tri Atmaja

Written by Danang Tri Atmaja

474 Followers
2 Following

IT Security { enthusiast } — Penetration Tester PT. ITSEC Asia

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams