Configure rsyslog in Linux

1. Install rsyslog (if not already installed)

sudo yum install rsyslog -y

2. Edit rsyslog Configuration

sudo vi /etc/rsyslog.conf

Uncomment or add the following lines to enable UDP reception:

$ModLoad imudp
$UDPServerRun 514

3. Open Firewall Port (UDP 514)

sudo iptables -I INPUT -p udp -s 10.10.10.5 --dport 514 -j ACCEPT
sudo service iptables save

This saves the rules to /etc/sysconfig/iptables. If you receive an error, install iptables-services and save again:

sudo yum install iptables-services -y
sudo service iptables save

4. Restart services

sudo systemctl restart iptables
sudo systemctl restart rsyslog
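
To check that steps 2 and 3 took effect, the following added example (not part of the original page) tests a configuration file for an active UDP listener and lists firewall rules that accept UDP 514 from any source, which matters because syslog over UDP carries no sender authentication. The function names and sample files are constructed for illustration; on a real host, pass /etc/rsyslog.conf and /etc/sysconfig/iptables instead.

```bash
#!/bin/bash
# Added example: audit the settings made in steps 2 and 3.

# Succeeds if the file enables an imudp listener on the port, in legacy
# ($ModLoad/$UDPServerRun) or RainerScript (module()/input()) syntax.
# Commented-out directives do not count.
udp_listener_enabled() {
    local conf=$1 port=$2
    if grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp' "$conf" &&
       grep -Eq '^[[:space:]]*\$UDPServerRun[[:space:]]+'"$port"'([^0-9]|$)' "$conf"; then
        return 0
    fi
    grep -Eq '^[[:space:]]*module\(load="imudp"' "$conf" &&
        grep -Eq '^[[:space:]]*input\(type="imudp".*port="'"$port"'"' "$conf"
}

# Prints each INPUT rule (iptables-save format) that accepts UDP to the port
# without a -s source restriction; prints nothing if all are restricted.
unrestricted_udp_rules() {
    local rules=$1 port=$2
    grep -E -- '^-A INPUT .*-p udp .*--dport '"$port"'( .*)? -j ACCEPT' "$rules" |
        grep -Ev -- ' -s [0-9]' || true
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rsyslog.conf" <<'EOF'
#$ModLoad imtcp
$ModLoad imudp
$UDPServerRun 514
EOF
cat > "$demo_dir/iptables" <<'EOF'
*filter
-A INPUT -s 10.10.10.5/32 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
COMMIT
EOF

if udp_listener_enabled "$demo_dir/rsyslog.conf" 514; then
    echo "UDP 514 listener: enabled"
else
    echo "UDP 514 listener: not enabled"
fi
echo "Rules accepting UDP 514 from any source:"
unrestricted_udp_rules "$demo_dir/iptables" 514
```

Any rule printed by the second function accepts syslog traffic from every host and should be replaced with a source-restricted rule like the one in step 3.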

By default, rsyslog on Oracle Linux (and most RHEL-based systems) writes system log messages to:

  • /var/log/messages — general system logs (info, warning, error, etc.)
  • /var/log/secure — security/authentication logs
  • /var/log/cron — cron job logs
  • /var/log/maillog — mail server logs
  • /var/log/spooler — printing/spooling logs
  • /var/log/boot.log — boot process logs
  • /var/log/dmesg — kernel ring buffer messages
  • /var/log/yum.log — yum package manager logs

The exact log destinations are configured in /etc/rsyslog.conf.