Enable the rsyslog client to support message logging.
About this task
Rsyslog forwards logs from the client to remote rsyslog servers. Linux administrators can configure the rsyslog client to centralize log files for archiving and troubleshooting.
The following steps are applicable for a SUSE 12 Cyber Recovery virtual appliance deployment. Your operating system might use syslog instead of rsyslog; however, the steps are similar. See the syslog documentation for information about the version of syslog.
Steps
Edit the /etc/audisp/plugins.d/syslog.conf file so that active = yes, and then save and exit the file.
Edit the /etc/rsyslog.conf file, and then save and exit the file.
For example, add the following to the /etc/rsyslog.conf file:
The input module that can convert any standard text file into a syslog message.
$InputFileName (optional)
The name of the file that you want to send to the rsyslog server.
NOTE: Rsyslog supports wildcard matching for files and directories. See RSyslog Documentation for more details about wildcards.
$InputFileTag (optional)
The tag used for messages that originate from this file. You can include a colon after the tag (for example, $InputFileTag tag_audit_log:).
$InputFileStateFile (optional)
State files track which partitions have been processed for the monitored files. The state files are stored in the rsyslog working directory. If you delete the state files, the entire file is read in again. Ensure that you specify a unique name.
$InputFileSeverity (optional)
The syslog severity to assign to read lines. The input can be text (for example, info or warning) or numerals (for example, 4 for info). Text is recommended. The default value is "notice".
$InputFileFacility (optional)
The syslog facility to be assigned to read lines. The input can be text (for example, local0 or local1) or numerals (for example, 128 for local0). Text is recommended. The default value is "local0".
$InputRunFileMonitor (optional)
This parameter activates the current monitor. There are no parameters. If you omit this parameter, no file monitoring occurs.
*.* @<Server_IP>:514 (required)
Replace <Server_IP> with the syslog server IP address.
NOTE: To send all system logs to the syslog server, use only the last line in the configuration file, which is described in the last row of the preceding table. This line is the only line that is required to send all system logs to the syslog server. Cyber Recovery application logs are not included.
To send Cyber Recovery application logs that are in a specific directory to the syslog server, use the other optional parameters that are described in the preceding table.
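The following /etc/rsyslog.conf fragment is an added example, not taken from the product documentation, that combines the parameters in the preceding table to monitor two log files and forward everything to a remote server. The file paths, tags, state-file names, and the 192.0.2.10 address are constructed placeholders, and $ModLoad imfile is the standard rsyslog directive for loading the text-file input module.

```conf
# Added example: all paths, tags, state-file names, and the server address
# (192.0.2.10, a documentation-range IP) are constructed placeholders.

# Load the text-file input module (imfile) once, before any file monitors.
$ModLoad imfile

# First monitored file. Each file gets its own block of parameters,
# closed by $InputRunFileMonitor, which activates that monitor.
$InputFileName /var/log/example-app/app.log
$InputFileTag tag_app_log:
$InputFileStateFile stat-example-app-log
$InputFileSeverity info
$InputFileFacility local0
$InputRunFileMonitor

# Second monitored file. The state-file name must differ from the first,
# otherwise the two monitors overwrite each other's read position.
$InputFileName /var/log/example-app/jobs.log
$InputFileTag tag_jobs_log:
$InputFileStateFile stat-example-jobs-log
$InputFileSeverity warning
$InputFileFacility local1
$InputRunFileMonitor

# Required: forward all facilities and severities to the remote server.
# A single @ forwards over UDP; rsyslog uses @@ for TCP forwarding.
*.* @192.0.2.10:514
```

Running rsyslogd -N1 checks the configuration syntax without starting the daemon; restart the rsyslog service afterward for the changes to take effect.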