Configuring Syslog

I'll be using a Cygwin console to connect to, and configure syslog from, a Unix machine.

I'm now connected to my Unix machine.

The file that controls your rsyslog installation is rsyslog.conf. It can be found in the /etc/ folder and requires root privileges to modify.

Once you've opened your rsyslog.conf you should be presented with something similar to this image, depending on your editor of choice.

Scroll to the bottom of the file and you will find a line similar to this.

*.* means all syslog will be sent to this location. It is possible to filter syslog to different locations; you can find this information on the rsyslog website.

@10.28.0.97:1514 is our target destination. Using only one @ sign means TCP will be used; @@ would result in UDP. 10.28.0.97 is the destination IP, and 1514 is the destination port. By default Logscape will listen on 1514.

After you have saved your rsyslog.conf you will need to restart the rsyslog service so that your changes take effect. Again this requires root privileges.

Once rsyslog has restarted you can use the command "logger test message" to send a test syslog message. You can then search for this message in Logscape to confirm everything is properly configured.

As you can see the test message has arrived, so our syslog forwarder is properly configured.
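
The steps above as an added example (not part of the original tutorial, and not Logscape's own tooling): shell functions that add the forwarding rule only when it is not already active, keeping a backup of the file. The function names, the .bak suffix, and the rsyslogd -N1 and service commands in the closing comment are assumptions; the destination 10.28.0.97:1514 is the tutorial's.

```shell
#!/bin/sh
# Added example, not from the tutorial: add the forwarding rule once, with a backup.

# Print the rule in the form the tutorial describes: "*.* @host:port".
forward_rule() {
    printf '*.* @%s:%s\n' "$1" "$2"
}

# Succeed if the file already has an active (uncommented) *.* rule for host:port.
# Both the @ and @@ forms count, so one destination is never configured twice.
has_forward_rule() {
    conf=$1 host=$2 port=$3
    # Escape dots so 10.28.0.97 cannot match a look-alike such as 10x28y0z97.
    host_re=$(printf '%s' "$host" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*\*\.\*[[:space:]]+@{1,2}${host_re}:${port}[[:space:]]*$" "$conf"
}

# Append the rule unless it is already present; the original is kept as FILE.bak.
add_forward_rule() {
    conf=$1 host=$2 port=$3
    if has_forward_rule "$conf" "$host" "$port"; then
        echo "already configured"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    forward_rule "$host" "$port" >> "$conf" || return 1
    echo "added"
}

# Rehearsal on a constructed sample file, so this runs without root.
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#*.* @10.28.0.97:1514' > "$demo"
add_forward_rule "$demo" 10.28.0.97 1514   # prints "added" (commented rule ignored)
add_forward_rule "$demo" 10.28.0.97 1514   # prints "already configured"
rm -f "$demo" "$demo.bak"

# On the real host, as root (rsyslogd -N1 and the service command are assumptions):
#   add_forward_rule /etc/rsyslog.conf 10.28.0.97 1514
#   rsyslogd -N1              # syntax-check the configuration before restarting
#   service rsyslog restart
#   logger test message
```

Running the functions against a copy of rsyslog.conf first shows exactly what would be appended before the live file is touched.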