Table of Contents:
Requirements
- Connectivity between the forwarder and Linux device.
- The required port (11655) should be enabled in the Rsyslog configuration.
Configuring Rsyslog to forward events
Take the following steps to configure your Linux devices:
- you can install rsyslog using the below command:
sudo apt-get install rsyslog
2. Switch to the /etc folder and take the backup of the default rsyslog config
cd /etc/
cp -pr rsyslog.conf rsyslog.conf_bkp_`date +%F`
3. Open the rsyslog config file with the editor of your choice:
sudo nano /etc/rsyslog.conf
4. Add the following line:
- After WorkDirectory add as follows
*.* @forwarder IP address:11655
Note :
@ is for forwarding the logs over the UDP protocol
@@ is for forwarding the logs over the TCP protocol. - Press the ctrl+x button along with 2-3 times ENTER to save and exit from nano.
Note: Ip address provided in the screenshot is for reference.
5. Restart the rsyslog service.
Service rsyslog restart
6. Once the configuration is completed, need to validate the logs in chronicle using a regular expression as (".*") this expression, or with a specific hostname, will provide the log source types which are ingesting to chronicle.
Comments
0 comments
Please sign in to leave a comment.