Syslog Server
Install
Install rsyslog
apt install rsyslog
Configure
Enable the server in /etc/rsyslog.conf by uncommenting the following lines.
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
Configure the log destination by adding
$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
& ~
We can optionally define the allowed senders
$AllowedSender TCP, 127.0.0.1, 10.111.0.0/24
$AllowedSender UDP, 127.0.0.1, 10.111.0.0/24