Sending syslog from Linux hosts to Graylog server

The most popular program used on Linux to forward logs is rsyslog, which ships with current Linux distributions. Forwarding syslog messages with rsyslog is easy.

Here I use PuTTY to connect to the Linux machine and configure it to send log data to the Graylog server.

After logging in, we need to create a graylog.conf file in the rsyslog.d folder.

[root@localhost ~]# vi /etc/rsyslog.d/graylog.conf

Add the line below. We will use UDP port 1503 for sending log data.

*.* @172.16.10.51:1503;RSYSLOG_SyslogProtocol23Format

If you want to use TCP instead, change the line as below:

*.* @@172.16.10.51:1503;RSYSLOG_SyslogProtocol23Format

The only difference between UDP and TCP is the target descriptor: a single @ selects UDP, @@ selects TCP.

Finally, we need to restart the rsyslog service:

[root@localhost ~]# service rsyslog restart

That finishes the configuration on the Linux server. Now we move to the Graylog server and create an input to receive the logs. Message inputs are the Graylog components responsible for accepting log messages.

Graylog supports many input types; we will use Syslog UDP.

Log in to Graylog, go to System -> Inputs, choose Syslog UDP from the list and click Launch new input.

Then fill in all required fields as below and click Save:

Click “Show received messages” to look at the logs:

Logs are received; here we can see that I logged in to the Linux server via SSH from IP address 172.16.10.114:
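As an added example (not code from the original article), here is a small Python sender that builds messages in the same RFC 5424 layout that RSYSLOG_SyslogProtocol23Format emits and delivers them the way the @ (UDP) and @@ (TCP) forwarding lines do, which lets you confirm the Graylog input is receiving before, or without, touching rsyslog on the host. The hostname, application name and log text are constructed sample values; the target 172.16.10.51:1503 is taken from the configuration above.

```python
import socket
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424 section 6.2.1 (subset).
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
            "authpriv": 10, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}


def format_rfc5424(facility, severity, hostname, app, msg,
                   procid="-", msgid="-", sd="-", stamp=None):
    """Build one line in the layout RSYSLOG_SyslogProtocol23Format produces:
    <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG.
    stamp is an RFC 3339 string; when omitted the current UTC time is used."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    if stamp is None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    return f"<{pri}>1 {stamp} {hostname} {app} {procid} {msgid} {sd} {msg}"


def parse_pri(line):
    """Split the leading <PRI> back into (facility, severity) numbers, as the
    receiving syslog input does. Returns None when the prefix is not a valid PRI."""
    end = line.find(">")
    if not line.startswith("<") or end < 2 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    if pri > 191:          # 23 facilities * 8 severities - 1 is the maximum
        return None
    return pri // 8, pri % 8


def send_syslog(line, host, port, tcp=False):
    """Deliver one message: '@' style is a single UDP datagram, '@@' style is a
    TCP stream with an LF after each message (rsyslog's default TCP framing)."""
    payload = (line + "\n").encode()
    if tcp:
        with socket.create_connection((host, port), timeout=5) as sock:
            sock.sendall(payload)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.sendto(payload, (host, port))
    return len(payload)


if __name__ == "__main__":
    # Constructed test message, sent over UDP like the '*.* @...' line above.
    test_line = format_rfc5424("auth", "info", "linuxhost", "sshd",
                               "Accepted publickey for admin from 172.16.10.114",
                               procid="1234")
    print("sent", send_syslog(test_line, "172.16.10.51", 1503), "bytes")
```

Run it on the Linux host and then click “Show received messages” on the input; if nothing arrives, the UDP input or an intermediate firewall is the first thing to check.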

That’s all. I hope this article was helpful. You can find other articles about Graylog here: Graylog log management
