syslog – How to send to remote server?

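1. Edit the /etc/rsyslog.conf file and add the line below to send syslog remotely. The single @ before the host name forwards over UDP, which is what the receiver in step 3 listens for.
*.*      @abc-host:514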

2. Restart the rsyslog service.
service rsyslog restart

3. Log in to abc-host, edit the /etc/sysconfig/syslog file and include the "-r" option in SYSLOGD_OPTIONS to receive the syslog messages.

4. Restart the syslog service
service syslog restart

5. Now tail /var/log/messages on abc-host and view the remote logs.

6. To send to a Logstash syslog input, configure the input as below and point the forwarding rule at the port it listens on (2345 here).

input {
  syslog {
    type => syslog
    port => 2345
    add_field => { track_id => 12345 }
  }
}
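
The forwarding rule in step 1 only works when the action carries the @ (UDP) or @@ (TCP) prefix. The script below is an added example, not part of the original page: it lists the forwarding actions in a legacy-syntax rsyslog config and flags a bare host:port with no prefix. The function names and the sample config are constructed for illustration, and the "suspect" match is a heuristic.

```shell
#!/bin/sh
# Added example (not from the original page): lint legacy-syntax rsyslog rules.

# Constructed sample config; abc-host is the receiver named in the steps above.
sample_conf() {
    cat <<'EOF'
# constructed sample
$ModLoad imuxsock
*.info;mail.none    /var/log/messages
*.*      abc-host:514
*.*      @abc-host:514
authpriv.*  @@abc-host:514
EOF
}

# Print one line per forwarding action: "udp|tcp|suspect <target>".
# Reads the files given as arguments, or stdin when there are none.
# Returns 1 if any rule looks like host:port with the @ prefix missing.
check_forwarding() {
    awk '
        NF < 2 || $1 ~ /^[#$]/ { next }   # blanks, comments, $Directives
        {
            action = $NF                  # legacy rules: selector, then action
            if (action ~ /^@@/)           # @@host = TCP
                print "tcp " substr(action, 3)
            else if (action ~ /^@/)       # @host = UDP (plaintext, no delivery guarantee)
                print "udp " substr(action, 2)
            else if (action ~ /^[A-Za-z0-9._-]+:[0-9]+$/) {
                print "suspect " action   # heuristic: host:port without @
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

sample_conf | check_forwarding || echo "fix suspect rules before restarting rsyslog"
```

Run check_forwarding /etc/rsyslog.conf before step 2. After the restart, logger -n abc-host -P 514 -d "forward test" (util-linux logger) sends a UDP test message that should show up in the log tailed in step 5.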
