How To Set Up a Raspberry Pi Syslog Server
View all your devices' log messages in a single place.
This tutorial will show you how to set up a Raspberry Pi Syslog server with a Raspbian distro and see all logs in one place.
It also works with other distros; it's a very simple and straightforward tutorial.
STEPS
If you already have one up and running, follow the next steps.
Install the service rsyslog
elric@PlaceForTech:~$ sudo apt install rsyslog
Then edit the file /etc/rsyslog.conf
elric@PlaceForTech:~$ sudo nano /etc/rsyslog.conf
Here you will look for the following lines and uncomment them.
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
This is how it should look:
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
Port 514 is the default, but you may choose a different one if needed.
Once all changes are done to that file, restart the rsyslog service.
elric@PlaceForTech:~$ sudo service rsyslog restart
Finally, let’s confirm that the service is up and actively listening on the intended port.
First, run sudo service rsyslog status to make sure the service is up and running.
elric@PlaceForTech:~$ sudo service rsyslog status
Confirm it’s enabled and actively running, similar to the example below.
elric@PlaceForTech:~$ sudo service rsyslog status
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Active: active (running) since Sun 2025-07-06 06:39:52 BST; 1 week 1 day ago
TriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 381 (rsyslogd)
Tasks: 10 (limit: 760)
CPU: 190ms
CGroup: /system.slice/rsyslog.service
└─381 /usr/sbin/rsyslogd -n -iNONE
Then, use sudo netstat -plan | grep -E "rsyslog|514" to confirm it's listening on the correct port.
elric@PlaceForTech:~$ sudo netstat -plan | grep -E "rsyslog|514"
And you should have something like the next example.
elric@PlaceForTech:~$ sudo netstat -plan | grep -E "rsyslog|514"
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 381/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 381/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 381/rsyslogd
udp6 0 0 :::514 :::* 381/rsyslogd
unix 2 [ ] DGRAM CONNECTED 5297 381/rsyslogd
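The grep above also matches unix sockets and any line that merely contains "514" (port 5140, a PID, an inode number). The following is an added example, not part of the original tutorial: a stricter check that reads netstat -plan output and succeeds only if rsyslogd itself owns both a TCP LISTEN socket and a UDP socket on the exact port. The function names check_syslog_listeners and sample_netstat are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# check_syslog_listeners PORT  -- reads `netstat -plan` output on stdin.
# Exit status 0 only if rsyslogd holds TCP (LISTEN) and UDP sockets on PORT.
check_syslog_listeners() {
    port="${1:-514}"
    awk -v port="$port" '
        # Only inet sockets whose owning program (last column) is rsyslogd.
        $1 ~ /^(tcp|udp)6?$/ && $NF ~ /\/rsyslogd$/ {
            # Local address is column 4; the port follows the last colon,
            # so 0.0.0.0:514 and :::514 both yield "514" and 5140 does not.
            n = split($4, a, ":")
            if (a[n] != port) next
            if ($1 ~ /^tcp/ && $6 == "LISTEN") tcp = 1
            if ($1 ~ /^udp/) udp = 1
            # 0.0.0.0 / :: means every interface accepts syslog traffic.
            if ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) wild = 1
        }
        END {
            if (!tcp) print "missing: tcp/" port
            if (!udp) print "missing: udp/" port
            if (tcp && udp && wild) print "note: listening on all interfaces"
            exit !(tcp && udp)
        }'
}

# Constructed sample input, modelled on the output shown in this tutorial.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 381/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 381/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 381/rsyslogd
udp6 0 0 :::514 :::* 381/rsyslogd
unix 2 [ ] DGRAM CONNECTED 5297 381/rsyslogd
EOF
}

# Offline demonstration on the sample; on a real server run instead:
#   sudo netstat -plan | check_syslog_listeners 514
sample_netstat | check_syslog_listeners 514
```
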
All these new logs coming from your devices will be stored in /var/log/, just like this:
elric@PlaceForTech:~$ ls -l /var/log/ | grep syslog
-rw-r----- 1 root adm 8395 Jul 14 20:01 syslog
-rw-r----- 1 root adm 92212 Jul 14 17:45 syslog.1
-rw-r----- 1 root adm 33516 Jul 6 00:00 syslog.2.gz
Log messages will be saved in the file called syslog, and once it gets full, a syslog.<#> file will be created, and so on every time it gets full.
To watch incoming syslog messages in real time, you can use the command tail -f /var/log/syslog; as new log messages arrive at the syslog server, they will appear in the output automatically.
You can always cancel that action with Ctrl+C.
Now you know how to create a Raspberry Pi Syslog server and collect all your devices’ logs.
I hope you find this post useful. Feel free to leave a comment down below with your thoughts about it.
If you prefer a visual guide, this video walks you through the entire process of setting up a Syslog server on a Raspberry Pi.
