This article shows how to enable remote logging on an Azure Ubuntu VM. The objective is for this Ubuntu VM running on Azure to receive logs from a different machine.
Pre-requisites
- Provision your Ubuntu VM on Azure
- Rsyslog (installed by default)
Steps to enable remote logging on Azure Ubuntu VM
Log in as root
sudo -i

Open the rsyslog configuration file
vi /etc/rsyslog.conf
Uncomment the following lines to make your Ubuntu VM listen on the UDP and TCP ports:
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Save and close the file.
- Press Esc
- Type “:wq”
- Press Enter
Now create a template file under the /etc/rsyslog.d/ directory, where we will define a new custom log format:
vi /etc/rsyslog.d/tmpl.conf

Add the following lines:
$template Tmplvlm, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsgvlm, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.* ?Tmplvlm
*.info;mail.none;authpriv.none;cron.none ?TmplMsgvlm

Save and close the file.
- Press Esc
- Type “:wq”
- Press Enter
The following steps apply only if you have the firewall enabled. If that's the case, you need to allow the Rsyslog default port 514. The following commands will open this port via UFW:
sudo ufw allow 514/tcp
sudo ufw allow 514/udp
Reload UFW for the changes to take effect:
sudo ufw reload
Finally, restart the Rsyslog service using the following command:
systemctl restart rsyslog

Now you should be able to receive logs from a remote machine. Check that the service is listening on the configured ports:
sudo ss -tulnp | grep "rsyslog"

Now add a new inbound rule on the Network Security Group associated with the Ubuntu VM. Go to the Azure Portal, select your Ubuntu VM, choose networking options, then “add inbound port rule”.

Now you can start sending logs from a remote machine to this Ubuntu VM on Azure. You can review the logs in the following path: “/var/log/client_logs”
*Note: if you want to enable remote desktop on your Ubuntu VM: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/use-remote-desktop


Now you will be able to review the logs from the remote client on your Ubuntu VM on Azure.
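To check the setup end to end, the following added example (not part of the original article) sends test syslog messages from a client and predicts which ones the two selector lines in tmpl.conf will write under /var/log/client_logs. The server address, the hostname client01 and the program names are placeholders chosen for illustration.

```python
import socket
import time

# Standard syslog facility and severity codes (subset).
FACILITY = {"user": 1, "mail": 2, "daemon": 3, "cron": 9, "authpriv": 10}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_message(facility, severity, hostname, program, text):
    """Build an RFC 3164 style line: <PRI>TIMESTAMP HOSTNAME TAG: TEXT."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    now = time.localtime()
    stamp = f"{time.strftime('%b', now)} {now.tm_mday:2d} {time.strftime('%H:%M:%S', now)}"
    return f"<{pri}>{stamp} {hostname} {program}: {text}".encode()

def stored_path(facility, severity, hostname, program):
    """Mirror the two selector lines of tmpl.conf; None means no rule matches."""
    path = f"/var/log/client_logs/{hostname}/{program}.log"
    if facility == "authpriv":                    # authpriv.* ?Tmplvlm
        return path
    if facility in ("mail", "cron"):              # mail.none and cron.none
        return None
    if SEVERITY[severity] <= SEVERITY["info"]:    # *.info: info or more severe
        return path
    return None                                   # debug is below *.info

def send(server, frame, tcp=False, port=514):
    """Send one frame to the imudp or imtcp listener."""
    if tcp:
        with socket.create_connection((server, port), timeout=5) as conn:
            conn.sendall(frame + b"\n")           # imtcp separates messages by newline
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(frame, (server, port))

if __name__ == "__main__":
    server = "203.0.113.10"   # placeholder: replace with the VM's address
    cases = [("authpriv", "info", "sshd"), ("daemon", "debug", "testapp"),
             ("cron", "err", "CRON"), ("daemon", "warning", "testapp")]
    for facility, severity, program in cases:
        frame = build_message(facility, severity, "client01", program, "remote logging test")
        send(server, frame)
        print(facility, severity, "->", stored_path(facility, severity, "client01", program))
```

A message reported as None should not appear under /var/log/client_logs; if an expected file is missing, check the UFW and Network Security Group rules for port 514.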