
Linux Syslog

This guide will address the following topics:

  • Event exporter configuration
    • Linux - syslog-ng
    • Linux - rsyslog

Linux

The following assumes that a Fluency device located at the IP address 10.20.1.15 is used to collect and import syslog from other servers/devices/appliances.

NOTE: The following examples assume the use of CentOS 6. For CentOS 7, /etc/init.d/ is likely replaced with systemctl.

Linux Server - rsyslog

rsyslog is an implementation of syslog that is used by default on many UNIX-like systems (such as Red Hat Enterprise Linux and its derivatives).

The rsyslog configuration is located in the file /etc/rsyslog.conf.

For example, to export syslog on a system running rsyslog, append the following line to /etc/rsyslog.conf:

*.* @@10.20.1.15:514

Restart the rsyslog daemon with the following commands:

/etc/init.d/rsyslog stop

and

/etc/init.d/rsyslog start

Upon completion of the above steps on the exporting device, the Fluency appliance should begin to receive its syslog exports.
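To confirm the forwarding rule is present after editing, the following script lists the legacy-format forwarding actions in an rsyslog configuration and checks for the collector address. It is an added example, not part of the original guide or of Fluency's tooling; the function names and the sample file contents are constructed for illustration. In rsyslog's legacy syntax a single @ forwards over UDP and @@ forwards over TCP, so the line above sends over TCP.

```shell
#!/bin/sh
# Added example (not from the original guide): audit legacy-format rsyslog
# forwarding rules such as "*.* @@10.20.1.15:514".

# forwarding_rules FILE
# Prints "<selector> <tcp|udp> <host> <port>" for each forwarding action.
# "@host" means UDP, "@@host" means TCP; the port defaults to 514 if omitted.
forwarding_rules() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        NF >= 2 && $2 ~ /^@@?[^@]/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            port = 514
            if (match(target, /:[0-9]+$/)) {     # trailing ":port"
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            gsub(/^\[|\]$/, "", target)          # unwrap [IPv6] literals
            print $1, proto, target, port
        }' "$1"
}

# forwards_to FILE HOST [PORT]
# Succeeds (exit 0) if any rule in FILE forwards to HOST on PORT (default 514).
forwards_to() {
    forwarding_rules "$1" | awk -v h="$2" -v p="${3:-514}" '
        $3 == h && $4 == p { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample config; on a real host pass /etc/rsyslog.conf instead.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# constructed sample, not a real system file
authpriv.*    /var/log/secure
#*.* @@192.0.2.9:514
*.* @@10.20.1.15:514
mail.* @192.0.2.20
EOF

forwarding_rules "$sample_conf"
if forwards_to "$sample_conf" 10.20.1.15 514; then
    echo "OK: collector 10.20.1.15:514 is configured"
else
    echo "MISSING: no forwarding rule for 10.20.1.15:514"
fi
```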

Linux Server - syslog-ng

Another implementation of syslog used on many UNIX-like systems is syslog-ng.

The syslog-ng configuration is located in the file /etc/syslog-ng/syslog-ng.conf.

Add the following lines to the syslog-ng.conf file to add and enable syslog export:

destination d_export { udp("10.20.1.15" port(514)); };
log { source(s_sys); destination(d_export); };

Restart the syslog-ng daemon with the following commands:

/etc/init.d/syslog-ng stop

and

/etc/init.d/syslog-ng start

Upon completion of the above steps on the exporting device, the Fluency appliance should begin to receive its syslog exports.

Version: March 2017, Rev 2