Wednesday, May 15, 2013

SYSLOG SERVER SETUP ON RHEL 6.3

Lab scenario:
Syslog Server = 192.168.0.80 <============ Hostname mail  
Syslog client = 192.168.0.65  <============ Hostname storage 

Server Side Configuration = 

#|yum install rsyslog
bb                                                       | 4.0 kB     00:00     
bb/primary_db                                            | 3.1 MB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package rsyslog.x86_64 0:5.8.10-2.el6 will be installed
--> Processing Dependency: logrotate >= 3.5.2 for package: rsyslog-5.8.10-2.el6.x86_64
--> Running transaction check
---> Package logrotate.x86_64 0:3.7.8-15.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch             Version                Repository    Size
================================================================================
Installing:
 rsyslog             x86_64           5.8.10-2.el6           bb           647 k
Installing for dependencies:
 logrotate           x86_64           3.7.8-15.el6           bb            55 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 702 k
Installed size: 2.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): logrotate-3.7.8-15.el6.x86_64.rpm                 |  55 kB     00:00     
(2/2): rsyslog-5.8.10-2.el6.x86_64.rpm                   | 647 kB     00:00     
--------------------------------------------------------------------------------
Total                                           3.9 MB/s | 702 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : logrotate-3.7.8-15.el6.x86_64                                1/2 
warning: /var/lib/logrotate.status created as /var/lib/logrotate.status.rpmnew
  Installing : rsyslog-5.8.10-2.el6.x86_64                                  2/2 
warning: /etc/rsyslog.conf created as /etc/rsyslog.conf.rpmnew
  Verifying  : rsyslog-5.8.10-2.el6.x86_64                                  1/2 
  Verifying  : logrotate-3.7.8-15.el6.x86_64                                2/2 

Installed:
  rsyslog.x86_64 0:5.8.10-2.el6                                                 

Dependency Installed:
  logrotate.x86_64 0:3.7.8-15.el6                                               

Complete!
 
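2. Step = Edit /etc/rsyslog.conf on the server as shown below. The "<======" arrows mark the lines to change; they are annotations and must not be typed into the file.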
            
            [root@mail log]# cat /etc/rsyslog.conf 
#rsyslog v3 config file

# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

#### MODULES ####

$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
# NOTE: the "<======" arrows on the lines below are the tutorial's annotations,
# not rsyslog syntax; leave them out of the real /etc/rsyslog.conf.
# As configured here the listener takes plain TCP syslog on port 514 and this
# listing sets no sender restriction and no TLS driver. Limit who can connect
# (host firewall, or rsyslog's $AllowedSender directive) and keep the port off
# untrusted networks.
$ModLoad imtcp.so                                    <======  Uncomment this line
$InputTCPServerRun 514                           <====== Uncomment this line 

# Property filter: messages whose sender IP equals 192.168.0.65 are written to
# /var/log/servers.log, and "& ~" then discards them so the rules further down
# never see them. The match is on the source IP address only; nothing here
# authenticates the sender. Messages from any other sender are not rejected:
# they fall through to the RULES section and land in the server's own logs.
:FROMHOST-IP, isequal,"192.168.0.65" /var/log/servers.log     <============== Edit Here add Client Ip Add resss
& ~

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log



# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spppl/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
          
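3rd Step
       # Restart the rsyslog service. If iptables is running on the server, TCP port 514 also has to be allowed there; allow it only from the client (192.168.0.65) rather than from every address.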
================================================================================


Client Side 

1. step Install rsyslog RPM 
 
2. Edit the rsyslog.conf file Below like this 

[root@storage ~]# cat /etc/rsyslog.conf
# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
# NOTE: the "]" brackets and "<====" arrows are the tutorial's annotations. On
# the $Work.../$Action... lines they sit inside the trailing comment, but on the
# "*.*" line the arrow is not part of the rule and must be left out of the file.
$WorkDirectory /var/lib/rsyslog # where to place spool files                              ]
$ActionQueueFileName fwdRule1 # unique name prefix for spool files            ]
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)  ] <====================== Uncomment this line   
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown       ]
$ActionQueueType LinkedList   # run asynchronously                                     ]
$ActionResumeRetryCount -1    # infinite retries if host is down                       ]
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# "*.*" forwards every facility and priority (authpriv included) and "@@" sends
# it over TCP. No TLS driver is configured in this listing, so the messages
# cross the network unencrypted and the receiving server is not authenticated.
# The spool files under /var/lib/rsyslog hold the same messages while the
# server is unreachable.
*.* @@192.168.0.80:514              <=================================== Add the Syslog server Ip add 
# ### end of the forwarding rule ###


 # Restart the rsyslog Service   

Test configuration 
Client side run below command for Testing  

[root@storage ~]# logger "testing to remote rsyslog server"
[root@storage ~]# logger "testing to remote rsyslog server"
[root@storage ~]# logger "testing to remote rsyslog server"
[root@storage ~]# logger "testing to remote rsyslog server"



Check the log on the server side (/var/log/servers.log, the file named in the server's filter rule):

2013-05-11T12:46:27+05:08 storage root: testing to remote rsyslog server
2013-05-11T12:46:27+05:08 storage root: testing to remote rsyslog server
2013-05-11T12:46:27+05:08 storage root: testing to remote rsyslog server
2013-05-11T12:46:28+05:08 storage root: testing to remote rsyslog server

PXE BOOT SERVER WITH KICKSTART SERVER


Server := 192.168.0.75 ( yum server , pxe  server , dhcp server , ftpserver , kickstart server )

1 step : #  yum install syslinux tftp-server xinetd dhcp 
 
   2         # mount  /dev/sr0   /mnt <====RHEL 6.3 DVD 
    
     3      #  cd  /mnt/isolinux/ 
 
       4    # cp -rfv * /var/lib/tftpboot/
  
         5  # cd /var/lib/tftpboot/
 
           # ls ============>>> it will show total 35236
-r--r--r-- 1 root root     2048 Apr 22 16:34 boot.cat
-r--r--r-- 1 root root       84 Apr 22 16:34 boot.msg
-r--r--r-- 1 root root      334 Apr 22 16:34 grub.conf
-r--r--r-- 1 root root 30442765 Apr 22 16:34 initrd.img
-r--r--r-- 1 root root    24576 Apr 22 16:34 isolinux.bin
-r--r--r-- 1 root root      954 Apr 22 16:34 isolinux.cfg
-r--r--r-- 1 root root   165080 Apr 22 16:34 memtest
-rw-r--r-- 1 root root    26828 Apr 22 16:35 pxelinux.0
-r--r--r-- 1 root root  1236005 Apr 22 16:34 splash.jpg
-r--r--r-- 1 root root     2215 Apr 22 16:34 TRANS.TBL
-r--r--r-- 1 root root   162860 Apr 22 16:34 vesamenu.c32
-r-xr-xr-x 1 root root  3986992 Apr 22 16:34 vmlinuz


6  tftpboot  # mkdir pxelinux.cfg 
              
7  tftpboot# cp isolinux.cfg  pxelinux.cfg/default
  
8  # cp /usr/share/syslinux/pxelinux.0  /var/lib/tftpboot/  

 
9    # restorecon -Rv /var/lib/tftpboot/ 
 
 10  # vim /etc/xinetd.d/tftp

edit like this 

# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        # -s makes in.tftpd serve paths relative to /var/lib/tftpboot. TFTP has
        # no authentication, so treat everything under that directory as
        # readable by any host that can reach the service; keep nothing secret
        # there and restrict UDP port 69 to the install network.
        server_args             = -s /var/lib/tftpboot
        # "no" switches the service on (the header above notes it is off by default).
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
        # NOTE: the listing stops here; the closing "}" of the service block is
        # not shown and has to stay in the real file.

=================================================
 
11  # service xinetd restart; chkconfig xinetd on 


For kickstart, add the ks= argument to the append line of the "linux" label,
as shown below:

[root@network ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
default vesamenu.c32
#prompt 1
# timeout is counted in tenths of a second: 600 = 60 seconds, after which the
# entry marked "menu default" is started.
timeout 600

display boot.msg

menu background splash.jpg
menu title Welcome to Red Hat Enterprise Linux 6.3!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000

# NOTE(review): this entry is the menu default and carries the ks= argument, so
# a machine that network-boots and sits at the menu until the timeout starts
# the kickstart install by itself. The ks.cfg in this tutorial contains
# "clearpart --all", so that install can repartition the machine's disks without
# asking. Making "local" the default entry avoids unintended reinstalls;
# TODO confirm against the intended lab behaviour.
label linux
  menu label ^Install or upgrade an existing system
  menu default
  kernel vmlinuz
# NOTE(review): "ks=ftp:/..." has a single slash after "ftp:", while the url
# line in ks.cfg uses "ftp://" - looks like a typo, confirm. The "<===" text at
# the end is the tutorial's annotation, not part of the append line. The URL
# carries no credentials, so ks.cfg is fetched over anonymous, unencrypted FTP.
  append initrd=initrd.img network ks=ftp:/192.168.0.75/pub/REDHAT/ks.cfg <=== for a kick start.  
label vesa
  menu label Install system with ^basic video driver
  kernel vmlinuz
  append initrd=initrd.img xdriver=vesa nomodeset
label rescue
  menu label ^Rescue installed system
  kernel vmlinuz
  append initrd=initrd.img rescue
label local
  menu label Boot from ^local drive
  localboot 0xffff
label memtest86
  menu label ^Memory test
  kernel memtest
  append -

[root@network ~]# 
CONFIGURE THE ks.cfg file like this

[root@network ~]# cat /var/ftp/pub/REDHAT/ks.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
# NOTE(review): the installed system comes up with the host firewall off.
# Outside a throwaway lab, enable it and open only the ports that are needed.
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
# The install tree is pulled over FTP with no credentials in the URL, i.e.
# anonymous and unencrypted.
url --url="ftp://192.168.0.75/pub/REDHAT/"
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash; --passalgo=sha512
# below presumably only affects passwords set later, not this value. Anyone who
# can fetch ks.cfg from the FTP server can read the hash, and it is printed in
# this tutorial, so treat the password as known: generate your own hash for
# this line and change the root password after installation.
rootpw --iscrypted $1$CjDlI3aq$4p088wzspihZ2xZ0NZQzO/
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
# NOTE(review): SELinux is switched off on every machine built from this file;
# the default enforcing mode is the safer choice unless something requires otherwise.
selinux --disabled
# Installation logging level
logging --level=info

# System timezone
timezone  Asia/Kolkata
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
# --all erases every existing partition on the target system. Combined with an
# automatic PXE default entry this can wipe a machine that was only meant to
# boot from its local disk.
clearpart --all  
# Disk partitioning information
part / --fstype="ext4" --size=10240
part swap --fstype="swap" --size=2048

%packages
@kde-desktop

%end
[root@network ~]# 

Save the kick-start config file in /var/ftp/pub/REDHAT/

#restart the vsftpd service.
#restart xinetd  service.

12#  cp -avr /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf  

13 # vim /etc/dhcp/dhcpd.conf  



# NOTE(review): this 10.254.239.0 subnet appears to be carried over unchanged
# from dhcpd.conf.sample; it is not the 192.168.0.0/24 lab network.
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

# Lab subnet used for PXE. Any client on this segment that network-boots and
# gets a lease here is pointed at the install server, so keep this DHCP scope
# on an isolated provisioning network.
subnet 192.168.0.0 netmask 255.255.255.0 {
  # Only two addresses (.58 and .59) are available for dynamic/BOOTP clients.
  range dynamic-bootp 192.168.0.58 192.168.0.59;
  #option subnet-mask  255.255.255.0
  # Boot file and TFTP server handed to PXE clients.
  filename "/pxelinux.0";
  next-server 192.168.0.75;
  # NOTE(review): the next two options look like leftovers from the sample
  # file; they do not match 192.168.0.0/24. Confirm and replace with the real
  # broadcast address and router for this network.
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
# NOTE(review): also appears to be sample content unrelated to the lab network.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}

14 # Edit the file so that it looks like the listing above

15 #    service dhcpd restart; chkconfig dhcpd on 

17  # vim /etc/yum.repos.d/server.repo

Add the FTP repository:
# Local install repository served from the PXE/FTP server.
[Server]
# Packages are downloaded over plain FTP with no credentials in the URL.
baseurl=ftp://192.168.0.75/pub/REDHAT
enabled=1
# NOTE(review): gpgcheck=0 turns off RPM signature verification, so together
# with the FTP transport nothing checks that a package is the one the vendor
# published. Prefer gpgcheck=1 with gpgkey= set to the Red Hat release key.
gpgcheck=0
~                


18 #  copy dvd in to pub/REDHAT  dir 

     #  cp -avr /mnt/* /var/ftp/pub/REDHAT/ 

19 # restart vsftpd service  

That's it.