
Linux Syslog

This guide will address the following topics:

  • Event exporter configuration
    • Linux - syslog-ng
    • Linux - rsyslog

The following assumes that a Fluency device located at the IP address 10.20.1.15 is used to collect and import syslog from other servers/devices/appliances.

NOTE: The following examples assume the use of CentOS 6. On CentOS 7, the /etc/init.d/ scripts are likely replaced with systemctl.

Linux Server - rsyslog

rsyslog is an implementation of syslog that is used by default on many UNIX-like systems (such as Red Hat Enterprise Linux and its derivatives).

The rsyslog configuration is located in the file /etc/rsyslog.conf.

For example, to export syslog on a system running rsyslog, append the following line to /etc/rsyslog.conf:

*.* @@10.20.1.15:514

Restart the rsyslog daemon with the following commands:

/etc/init.d/rsyslog stop

and

/etc/init.d/rsyslog start

Upon completion of the above steps on the exporting device, the Fluency appliance should begin to receive its syslog exports.
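
To confirm what the edited file will actually forward, the following added example (not part of the original guide or of Fluency's tooling) lists the forwarding rules found in a legacy-syntax rsyslog configuration. In that syntax a single @ selects UDP and @@ selects TCP, so the line above sends over TCP; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Lists forwarding rules written in the legacy "selector @host:port" syntax.

# Print one line per rule: "<selector> <transport> <host> <port>".
# "@" is UDP, "@@" is TCP; the port defaults to 514 when omitted.
# Reads the files given as arguments, or stdin when there are none.
rsyslog_forwards() {
    awk '
        /^[ \t]*#/ { next }                  # skip commented-out rules
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            transport = "udp"
            if (target ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", target) }
            else                { sub(/^@/, "", target) }
            sub(/^\([^)]*\)/, "", target)    # drop options such as (o) or (z9)
            port = 514
            if (target ~ /:[0-9]+$/) {
                port = target
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print $1, transport, target, port
        }
    ' "$@"
}

# Succeed only if all messages (*.*) go to HOST PORT over TRANSPORT.
# Usage: forwards_all_to TRANSPORT HOST PORT [FILE...]
forwards_all_to() {
    t=$1 h=$2 p=$3; shift 3
    rsyslog_forwards "$@" | grep -qxF "*.* $t $h $p"
}

# Constructed sample configuration, used when no file is given.
sample_conf() {
    printf '%s\n' \
        '# constructed sample, not a real host configuration' \
        '#*.* @@remote-host:514' \
        '*.info;mail.none /var/log/messages' \
        'authpriv.* @192.0.2.10' \
        '*.* @@10.20.1.15:514'
}

if [ $# -gt 0 ]; then rsyslog_forwards "$@"; else sample_conf | rsyslog_forwards; fi
```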

Linux Server - syslog-ng

Another implementation of syslog used on many UNIX-like systems is syslog-ng.

The syslog-ng configuration is located in the file /etc/syslog-ng/syslog-ng.conf.

Add the following lines to the syslog-ng.conf file to add and enable syslog export:

# s_sys must match the name of the source defined earlier in syslog-ng.conf
destination d_export { udp("10.20.1.15" port(514)); };
log { source(s_sys); destination(d_export); };

Restart the syslog-ng daemon with the following commands:

/etc/init.d/syslog-ng stop

and

/etc/init.d/syslog-ng start

Upon completion of the above steps on the exporting device, the Fluency appliance should begin to receive its syslog exports.

Page last updated: 2023 Aug 07 16:37:10 EDT