Linux

Getting Started

This setup guide will go over both automatic and manual settings for Linux to send the system's logs to Log Server. After configuration you should immediately start receiving the logs that you would normally view in the /var/log/messages file on the Linux system you configured.

Configuration Setup

The automatic option uses a script to configure syslog to send logs to Log Server. To customize your syslog installation, configure syslog manually by clicking one of the tabs above.

Automatic Script - Supported Operating Systems
  • CentOS, Fedora, and RHEL
  • Ubuntu and Debian

You must have rsyslog installed. If your operating system is not listed, you can manually configure syslog.

Run the Script

On the system you want to send logs from, run the following commands to download and run the script that automatically sets up rsyslog.

Verify Spool and Config Location

Run the following commands in a terminal window to verify that the rsyslog spool directory and the rsyslog.d folder exist. The second line will output the spool path you will need to add in the next section for $WorkDirectory in the configuration.

Set Up the Rsyslog Configuration File

Edit your /etc/rsyslog.conf file. Look for the 'begin forwarding rule' section and add the following to the configuration file.

You will need to replace $WorkDirectory with the unique file path of the rsyslog spool directory. This was displayed by the command on line 2 of the previous code block. If there is no directory specified, or the directory specified doesn't exist, then the rsyslog service will error on restart.

Example: $WorkDirectory /var/lib/rsyslog
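
A pre-restart check for the failure described above (a missing $WorkDirectory line, or one that points at a directory that doesn't exist), as an added example that is not part of the original guide. The function name check_workdir, its return codes, and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the $WorkDirectory spool path before restarting rsyslog.
# check_workdir and its return codes are this example's own names, not rsyslog's.

# check_workdir CONF...
#   0 = directive found and the directory exists (path printed on stdout)
#   1 = no uncommented $WorkDirectory line in any file given
#   2 = directive found but the path is not an existing directory
check_workdir() {
    dir=""
    for conf in "$@"; do
        if [ -r "$conf" ]; then
            # Skip comment lines; the last directive in a file wins.
            found=$(awk '
                $1 ~ /^#/ { next }
                tolower($1) == "$workdirectory" && NF >= 2 { d = $2 }
                END { print d }' "$conf")
            if [ -n "$found" ]; then dir=$found; fi
        fi
    done
    if [ -z "$dir" ]; then
        echo "no \$WorkDirectory directive found" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "\$WorkDirectory $dir does not exist" >&2
        return 2
    fi
    printf '%s\n' "$dir"
}

# Demo on constructed config files in a temp directory (not real system files).
demo=$(mktemp -d)
mkdir "$demo/spool"
printf '%s\n' '# $WorkDirectory /old/path' "\$WorkDirectory $demo/spool" > "$demo/ok.conf"
printf '%s\n' "\$WorkDirectory $demo/missing" > "$demo/bad.conf"
check_workdir "$demo/ok.conf"  || echo "ok.conf rc=$?"
check_workdir "$demo/bad.conf" || echo "bad.conf rc=$?"
rm -rf "$demo"
```

On a real host, call check_workdir /etc/rsyslog.conf and restart the service only when it returns 0.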

Restart the rsyslog service

sudo /etc/init.d/rsyslog restart

Set Up the syslog-ng Configuration File

Add the following to the syslog-ng configuration file, usually located at /etc/syslog-ng/syslog-ng.conf.

Restart the syslog-ng service

sudo /etc/init.d/syslog-ng restart

Verify Incoming Logs

Once you have configured the log sender, you should start receiving logs right away. Enter the sender's IP address to see if you are receiving logs from that IP.
