CIT 470: Advanced Network & System Administration
Syslog Configuration
Introduction:
In this lab, you will configure syslog on two VMs, with one (the server) being configured to accept remote logs and the other (the client) to send them to the server. You will write two scripts to configure many of these settings. While you are permitted to use any programming language, bash is strongly recommended; it will make performing the tasks below easier.
Requirements:
Part 1: Server Configuration
On one of your VMs, configure it to accept remote logs on TCP port 514 (do not configure the firewall yet). In root’s home directory, create a file named remotelog.conf and copy the content from the documentation below into it (make sure you replace the given port with 514).
After you create the file, please create a script that performs the following:
- Verify that the root user is signed in. If it is not, terminate the script.
- Disable SELinux on the VM. Use text transformation to do this.
- Ensure the rsyslog service is running.
  - Create a verification check to do this. If the service is found to not be running, start and enable it. If it is running, just enable it.
- Open TCP port 514 on the firewall. Restart it after doing so.
- Move the remotelog.conf file from root’s home directory to the appropriate location (check the documentation).
- Restart the rsyslog service after making your configurations.
Part 2: Client Configuration
On a different VM, configure it to send its syslog messages to the syslog server. In root’s home directory, create a file named 10-remotelog.conf and copy the content from the documentation below into it (make sure you replace the given port with 514 and provide the server’s IP address in place of the given domain name).
After you create the file, please create a script that does the following:
- Verify that the root user is signed in. If it is not, terminate the script.
- Install the ipcalc utility on the VM (use the -y option to ensure the install happens automatically).
- After this, have the script give the user the option to either perform the configuration steps below or send a test syslog message to the server.
  - For the user response, ask him or her to provide words such as “configure” and “test”, or letters such as “c” and “t”.
    - You may support both words and letters if you wish, but it is not required.
  - Make sure that the option the user selects is the only one performed. For example, if the user selects “test”, the configuration steps below should not be run.
- If the user selects the test option, the script should do the following:
  - Request your syslog server’s IP address from the user and store it as a variable.
  - Verify the IP address with ipcalc -c to ensure only valid ones are used. If the address is valid, have the script continue. If it is not, terminate the script.
  - Send a test message using the logger command. This message should include your client’s IP address.
- If the user selects the configuration option, the script should do the following:
  - Disable SELinux on the VM. Use text transformation to do this.
  - Ensure the rsyslog service is running.
    - Create a verification check to do this. If the service is found to not be running, start and enable it. If it is running, just enable it.
  - Copy the 10-remotelog.conf file from root’s home directory to the appropriate location mentioned in the documentation.
  - Restart the rsyslog service after making your configurations.
- If the user provides an invalid option, tell him or her and exit the script.
Documentation & Tips:
We strongly recommend the following documentation to complete this lab. Note that other guides contain configuration methods that no longer work, so we recommend this one:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/configuring-logging_configuring-basic-system-settings
  - Use the steps that configure the server and client to use TCP. Skip the optional steps to use a custom port, as well as the others for TLS and UDP.
Here are some tips to keep in mind as you work on this lab:
- To edit the SELinux files with your scripts, consider using Python’s replace() function or the sed command if writing with bash.
- To check if the rsyslog service is running, consider using the exit status or the output of a command that can check it. The systemctl command has specific options that make the former easy to do.
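The two tips above, shown as bash helper functions. This is an added example, not part of the lab handout; the function names are hypothetical, and the sample config lines are constructed so the demo never touches /etc.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab handout): the two patterns from the tips.

# Rewrite the SELINUX= line of an SELinux config file with sed.
#   $1 = config file (on the VM: /etc/selinux/config)   $2 = new mode
set_selinux_mode() {
    local file=$1 mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELinux mode: $mode" >&2; return 2 ;;
    esac
    # Anchoring on ^SELINUX= skips comment lines and SELINUXTYPE=.
    # -i.bak edits in place and keeps the original as <file>.bak.
    sed -i.bak -E "s/^SELINUX=.*/SELINUX=${mode}/" "$file" || return 1
    # Fail if no SELINUX= line existed to rewrite.
    grep -q "^SELINUX=${mode}\$" "$file"
}

# Start the service only if it is not already active, then enable it.
# `systemctl is-active --quiet` prints nothing and exits 0 only when active.
ensure_service() {
    local svc=$1
    if systemctl is-active --quiet "$svc"; then
        echo "$svc is already running"
    else
        echo "$svc is not running; starting it"
        systemctl start "$svc" || return 1
    fi
    systemctl enable "$svc"
}

# Demo on a constructed sample config so nothing under /etc is modified.
demo_selinux_edit() {
    local tmp
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        '# SELINUX= can take one of: enforcing, permissive, disabled' \
        'SELINUX=enforcing' \
        'SELINUXTYPE=targeted' > "$tmp"
    set_selinux_mode "$tmp" disabled && grep '^SELINUX' "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo_selinux_edit
```

On the VM the calls would be `set_selinux_mode /etc/selinux/config disabled` and `ensure_service rsyslog`, run as root. The mode written to the config file is read at boot, so it does not change the running system's state until a reboot.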
Submission Instructions:
When you are finished, submit a Word document that contains the following:
- The text you copied into both configuration files you made in root’s home directory.
- The text from both of your scripts.
- After configuring everything, send a logger message from the client, then run the following command on the server and capture a screenshot of its output:
  - cat /var/log/remote/msg/[hostname]/cit470.log
    - Replace hostname with your client’s name (this will most likely be localhost).
    - If cit470.log does not exist, use root.log.
  - This screenshot should show one or more timestamped messages from the client’s logger commands.
  - If you are having trouble receiving the messages, reboot both VMs, then try again.