
Summary

Rsyslog is used in the CommIT environment to enable centralized logging. This allows the instances to use ephemeral storage and also provides a copy of all logs on a different server in the event of a security breach. This document details how rsyslog is deployed in this environment.

Installation

rsyslog is installed by default on Amazon Linux and presumably most other Linux variations in EC2. The currently deployed version is 5.8.10. This is important because the syntax of the configuration file, /etc/rsyslog.conf, has changed dramatically in later versions. The current upstream version is 8.X, and the default documentation on http://www.rsyslog.com is for that version. Documentation for the 5.X version can be found here: http://www.rsyslog.com/doc/v5-stable/index.html.

Since we are using version 5.X, we use what are now called Legacy configuration directives.

An rsyslog server instance has been deployed and given an Elastic IP of 54.214.22.10.
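For reference, a sketch of what forwarding to the server at 54.214.22.10 looks like in legacy (5.X) directive syntax. This is an added example, not the configuration deployed in this environment. The TCP transport, port 514, the queue name and size, and the file paths are assumptions.

```conf
# ---- Client side: /etc/rsyslog.conf on each instance (legacy v5 syntax) ----

# Spool directory for the disk-assisted queue (path is an assumption).
$WorkDirectory /var/lib/rsyslog

# The $ActionQueue* settings below apply only to the next action line.
# LinkedList = asynchronous in-memory queue.
$ActionQueueType LinkedList
# Giving the queue a file name enables spilling to disk (name is an assumption).
$ActionQueueFileName fwd_central
# Upper bound on spool size (value is an assumption).
$ActionQueueMaxDiskSpace 1g
# Keep queued messages across an rsyslog restart.
$ActionQueueSaveOnShutdown on
# Retry indefinitely while the central server is unreachable.
$ActionResumeRetryCount -1

# Forward everything. "@@" selects TCP, a single "@" selects UDP.
# Port 514 is an assumption.
*.* @@54.214.22.10:514


# ---- Server side: /etc/rsyslog.conf on 54.214.22.10 (legacy v5 syntax) ----

# Load the TCP input module and listen on the assumed port.
$ModLoad imtcp
$InputTCPServerRun 514

# Dynamic file name: one directory per sending host (layout is an assumption).
$template PerHostFile,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"

# Write messages that did not originate locally to the per-host files,
# then discard them so they do not also land in the server's own logs.
:fromhost-ip, !isequal, "127.0.0.1" ?PerHostFile
& ~
```

The disk-assisted queue matters for the breach-evidence goal: without it, messages generated while the central server is unreachable are dropped, and on ephemeral storage there is no local copy to fall back on.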

Configuration

Starting and Stopping Rsyslog

[root@ip-10-252-20-14 ~]# /etc/init.d/rsyslog  start

[root@ip-10-252-20-14 ~]# /etc/init.d/rsyslog  stop

Enabling Debugging

export RSYSLOG_DEBUG=Debug

rsyslogd -d -n
