Configuring your Unix system

The Unix Events Workspace visualises the Unix system logs from all your connected hosts, giving a breakdown of errors and problems in your system as they occur. To get more detailed auditing of your system, enable Unix audit logs.


Unix System Log Data

The easiest way to stream Unix system log data is through syslog. This guide shows you how to configure rsyslog to forward logs into Logscape. Syslog is natively supported by Unix, but the configuration may differ slightly depending on your Linux distribution.

1) Configuring Rsyslog

Open your Logscape config file:

sudo vi /etc/rsyslog.d/22-logscape.conf

Add the Logscape syslog template

$template Cloud,"LOGSCAPETOKEN:YOUR_SECURITY_TOKEN_HERE LOGSCAPETAG:syslog <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% %msg%"

and then

*.* @@collector.logscape.com:1468;Cloud

to forward all your syslog data into Logscape. Make sure to replace "YOUR_SECURITY_TOKEN_HERE" with the security token that you can find in the My Account section of the website.

2) Restart the syslog daemon.

Restart your rsyslog daemon.

sudo service rsyslog restart

3) Confirm connectivity.

Now that you've configured and restarted rsyslog, you can send a test message through syslog to make sure that Logscape is receiving your data.

logger THIS IS A TEST MESSAGE
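
A check you can run against the file from step 1 before restarting rsyslog, added here as an example (it is not Logscape's own tooling, and the function name check_logscape_conf is hypothetical). It confirms that the placeholder token was replaced, that the Cloud template and the TCP forwarding rule are present, and that the file, which holds your security token in clear text, is not world-readable.

```shell
#!/bin/sh
# Added example: sanity check for the Logscape rsyslog drop-in file.
# check_logscape_conf is a hypothetical helper, not part of rsyslog or Logscape.
# Returns 0 when every check passes, otherwise the number of failed checks.
check_logscape_conf() {
    conf="$1"
    fails=0

    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf" >&2
        return 1
    fi

    # 1. The placeholder from the guide must have been replaced.
    if grep -q 'YOUR_SECURITY_TOKEN_HERE' "$conf"; then
        echo "FAIL: placeholder token was not replaced" >&2
        fails=$((fails + 1))
    fi

    # 2. The template named Cloud must exist and start with a LOGSCAPETOKEN field.
    if ! grep -Eq '^[[:space:]]*\$template[[:space:]]+Cloud,"LOGSCAPETOKEN:[^[:space:]"]+ ' "$conf"; then
        echo "FAIL: \$template Cloud with a LOGSCAPETOKEN field not found" >&2
        fails=$((fails + 1))
    fi

    # 3. The rule must forward over TCP (@@; a single @ is UDP) using the Cloud template.
    if ! grep -Eq '^[[:space:]]*\*\.\*[[:space:]]+@@[^;[:space:]]+:[0-9]+;Cloud[[:space:]]*$' "$conf"; then
        echo "FAIL: no '*.* @@host:port;Cloud' TCP forwarding rule" >&2
        fails=$((fails + 1))
    fi

    # 4. The file contains the account token, so "other" must not have read access.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf is world-readable but contains the token" >&2
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Run directly as: sh check.sh /etc/rsyslog.d/22-logscape.conf
if [ "$#" -gt 0 ]; then
    check_logscape_conf "$1"
fi
```

If the last check fails, sudo chmod 640 /etc/rsyslog.d/22-logscape.conf removes read access for other users.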