In the other article Syslog on Linux, I described how to use rsyslogd on Linux, it's for local host syslog logging. You can put the log files to the location that you want.

In some environment, you may want to centralize syslog info to a syslog server, so that you can analyze it or monitor it. For example, You may want to monitor suspicious connections on linux

Enable rsyslog on both server and client, then follow the following steps

On syslog server

1. Add module in /etc/rsyslog.conf

# for TCP use:
module(load="imtcp") # needs to be done just once 
input(type="imtcp" port="514")
# for UDP use:
module(load="imudp") # needs to be done just once 
input(type="imudp" port="514")
Legancy config
# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

2. Open port 514 in iptables and firewall(if there is one between server and client)

Added one line in /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

Restart iptable service
#/etc/init.d/iptables restart

3. catalog syslog message (optional)

The following rule will let centralized syslog to catalog syslog by host

$template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log" 

authpriv.*   ?TmplAuth
*.info,mail.none,authpriv.none,cron.none   ?TmplMsg

4. Rotate syslog directory

cat /etc/logrotate.d/syslog 
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

On client server

In /etc/rsyslog.conf, add the following lines in forwarding rule section

#### begin forwarding rule ###
# Forwarding syslog via TCP
*.* @@<syslogserver>:514

# Forwarding syslog via UDP
*.* @<syslogserver>:514