Forwarding Syslogs to External Servers

What is syslog?

Syslog is a standard for collecting, routing, and storing log messages. This protocol allows sending logs to a central store. Syslogs are used by system admins to debug issues that occur in the system or application and also for monitoring purposes.

Syslog Daemon

The syslog daemon is a server process that facilitates message logging for applications and system processes. The type of syslog daemon can vary depending on your operating system.

Example syslog daemons:

  • RSyslog
  • Syslogd
  • Syslog-ng

To find out which syslog daemon you have, check for the file name in the /etc directory.

In RHEL:

ls /etc/*syslog*

If the above command doesn’t return anything you can simply install a Syslog daemon.

In RHEL:

sudo yum install rsyslog

Forwarding Syslogs

Syslog can route logs over a network. This makes it possible to forward logs to external logging servers and tools such as Papertrail, SolarWinds Kiwi Syslog Server, Datadog, and Dynatrace. This gives system admins a broader view of the systems they manage.

How to Forward Syslogs (Red Hat Enterprise Linux)

By default, syslog communicates over UDP 514 and 601. You can forward your syslogs by adding a rule to rsyslog.conf:

vi /etc/rsyslog.conf

imfile is a file input module that allows you to convert any standard text file into a Syslog message.

The directives are defined as follows:

InputFileName : Name of the input log file. This path should be an absolute path.

InputFileTag : This is the tag to be used for messages that originate from this file

InputFileStateFile : rsyslog must keep track of which parts of the monitored file it has already processed. This is done in the state file, which is always created in the rsyslog working directory.

InputFileSeverity : The syslog severity to be assigned to lines read

InputFileFacility : The syslog facility to be assigned to lines read

The above rule saves the given log file to a given facility in syslog. After that, you can send all data from the given facility to your remote server.

[FACILITY].* @@hostname:<portnumber>
with sample values

Now you should be able to catch your particular syslog data from the remote server.
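
A fragment that combines the imfile directives and the forwarding rule described above, written in rsyslog's legacy directive syntax. It is an added example, not the author's original configuration; the file path, tag, state file name, facility local6, collector host name, ports and CA file path are constructed placeholders.

```conf
# /etc/rsyslog.conf (fragment), added example with placeholder values.

# Load the file input module.
$ModLoad imfile

# One monitored file: every line appended to it becomes a syslog message.
$InputFileName /var/log/myapp/app.log    # absolute path (placeholder)
$InputFileTag myapp:                     # tag attached to each message
$InputFileStateFile stat-myapp           # read position, kept in the work directory
$InputFileSeverity info                  # severity assigned to each line
$InputFileFacility local6                # facility assigned to each line
# Activates the monitor defined by the $InputFile* lines above.
$InputRunFileMonitor

# Forward everything on facility local6 to the remote server.
#   @@host:port  sends over TCP
#   @host:port   sends over UDP
# Both forms send the messages unencrypted.
local6.* @@logs.example.com:514

# TLS variant (assumption: the rsyslog-gnutls package is installed and the
# remote server accepts TLS on port 6514). Use it in place of the rule above.
# $DefaultNetstreamDriver gtls
# $DefaultNetstreamDriverCAFile /etc/pki/tls/certs/collector-ca.pem
# $ActionSendStreamDriverMode 1
# $ActionSendStreamDriverAuthMode x509/name
# $ActionSendStreamDriverPermittedPeer logs.example.com
# local6.* @@logs.example.com:6514
```

Check the syntax with `rsyslogd -N1`, then restart rsyslog so the change takes effect.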

Dev Ops Engineer | Blogger

Randula Koralage
