Dave Rendón Microsoft Azure MVP, embracing and fostering tech intensity to benefit society and thrive in a digital world.

Enable remote logging on Azure Ubuntu VM


This article shows how to enable remote logging on an Azure Ubuntu VM. The objective is for this Ubuntu VM running on Azure to receive logs from a different machine.

Pre-requisites

  • Provision your Ubuntu VM on Azure
  • Rsyslog (installed by default)

Steps to enable remote logging on Azure Ubuntu VM

Log in as root:

sudo -i

Open the rsyslog configuration file:

vi /etc/rsyslog.conf

Uncomment the following lines so that your Ubuntu VM listens on UDP and TCP port 514:

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

Save and close the file.  

  1. Press Esc
  2. Type “:wq”
  3. Press Enter

Now create a template file under the /etc/rsyslog.d/ directory. It defines a custom log format that writes each client's logs to its own files:

vi /etc/rsyslog.d/tmpl.conf

Add the following lines:

$template Tmplvlm, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsgvlm, "/var/log/client_logs/%HOSTNAME%/%PROGRAMNAME%.log"

authpriv.* ?Tmplvlm
*.info;mail.none;authpriv.none;cron.none ?TmplMsgvlm

Save and close the file.  

  1. Press Esc
  2. Type “:wq”
  3. Press Enter

The following steps apply only if you have the firewall enabled. If that's the case, you need to allow the Rsyslog default port, 514. The following commands open this port via UFW:

sudo ufw allow 514/tcp
sudo ufw allow 514/udp

Reload UFW for the changes to take effect:

sudo ufw reload

Finally, restart the Rsyslog service using the following command:

systemctl restart rsyslog

Now you should be able to receive logs from a remote machine. Check that the service is listening on the configured ports:

sudo ss -tulnp | grep "rsyslog"

Now add a new inbound rule for port 514 to the Network Security Group associated with the Ubuntu VM. In the Azure Portal, select your Ubuntu VM, open the networking options, and choose “add inbound port rule”.

Now you can start sending logs from a remote machine to this Ubuntu VM on Azure. You can review the logs under the following path: “/var/log/client_logs”

*Note: if you want to enable remote desktop on your Ubuntu VM: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/use-remote-desktop


Now you will be able to review the logs from the remote client on your Ubuntu VM on Azure.
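
To confirm the whole path works (NSG rule, UFW, the 514 listeners and the tmpl.conf templates), the following added example, which is not part of the original article, sends a marked test message and checks that it landed under /var/log/client_logs. It assumes util-linux logger on the sending machine; the function names, tag and marker are chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the article): end-to-end check of remote logging.
# Assumptions: util-linux `logger` on the sender; function names are illustrative.
#
# On the sender:    send_test_message <collector-address> tcp rsyslog-test marker-12345
# On the collector: verify_delivery <sender-hostname> rsyslog-test marker-12345

LOG_ROOT="${LOG_ROOT:-/var/log/client_logs}"   # directory used in tmpl.conf

# Path the tmpl.conf templates produce for a sender host and program name.
# $1 = %HOSTNAME% as carried in the message, $2 = %PROGRAMNAME% (the tag)
expected_log_path() {
    printf '%s/%s/%s.log\n' "$LOG_ROOT" "$1" "$2"
}

# Run on the sending machine: emit one uniquely marked message to port 514.
# $1 = collector address, $2 = tcp|udp, $3 = tag, $4 = marker text
send_test_message() {
    case "$2" in
        tcp) proto=-T ;;
        udp) proto=-d ;;
        *)   echo "protocol must be tcp or udp" >&2; return 2 ;;
    esac
    # user.info matches the "*.info;mail.none;authpriv.none;cron.none" rule.
    logger -n "$1" -P 514 "$proto" -t "$3" -p user.info "$4"
}

# Run on the collector: succeed only if the marker reached the expected file.
# $1 = sender hostname, $2 = tag, $3 = marker text
verify_delivery() {
    file=$(expected_log_path "$1" "$2")
    [ -r "$file" ] || { echo "missing: $file" >&2; return 1; }
    grep -F -q -- "$3" "$file" || { echo "marker not found in $file" >&2; return 1; }
}
```

Test TCP and UDP separately with different markers, since each depends on its own listener, UFW rule and NSG rule. Because these listeners accept plain, unauthenticated syslog, scope the NSG inbound rule's source to the senders you expect rather than Any.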
