Unix and Linux-based systems have built-in support for syslog; usually syslogd, rsyslog, or syslog-ng is preinstalled. Follow the guidelines below to configure whichever syslog daemon you run to forward data to Unomaly.


Configure Syslog-ng

Syslog-ng is a modern syslog service available for most Unix and Linux platforms. It can forward both locally generated and relayed syslog messages, and it can tail local files and forward their contents.

In syslog-ng you declare a source, a destination, a log directive that ties the source and destination together, and optionally a filter. A source may be incoming syslog, a tailed file, a local pipe, and so on. The destination is the Unomaly instance.

Forward all local logs

[syslog-ng.conf]

# Declare a file-tailing source for the Apache error log
source apache_error_log { file("/var/log/apache2/error.log" follow_freq(1)); };

# Define the Unomaly destination (put the Unomaly instance address between the quotes)
destination unomaly { tcp("" port(514)); };

# Forward the standard system logs; s_src is the name the stock Debian/Ubuntu
# syslog-ng.conf gives its local system source, so use the name from your own
# distribution's default configuration if it differs
log { source(s_src); destination(unomaly); };

# Forward the Apache error log defined above
log { source(apache_error_log); destination(unomaly); };

Restart the syslog-ng process after changing the configuration so the new sources and destinations take effect.

service syslog-ng restart

Configure Rsyslog

Rsyslog is a modern syslog service available for most Unix and Linux platforms. It can forward both locally generated and relayed syslog messages, and it can tail local files and forward their contents.

Forward logs from an individual host

[rsyslog.conf]
# forward all local logs to the remote syslog server (Unomaly) over tcp;
# a double @@ selects tcp, a single @ would select udp
*.* @@192.168.0.1

Forward logs from both syslog and tail

[rsyslog.conf]
# load the input module for file monitoring and define the file input
$ModLoad imfile
# define the input
$InputFileName /path/to/file1
$InputFileStateFile stat-file1
$InputFileTag mytag:   # tag prepended to each forwarded line; whether it is mandatory depends on your rsyslog version
$InputRunFileMonitor
# forward everything, including the tailed file, over tcp
*.* @@192.168.0.1

Configure Syslogd

Syslogd is the legacy syslog service found on older Unix and Linux platforms. It can forward the local syslog stream, but it cannot tail local files.

Forward all logs

[syslogd.conf]
# forward all local logs over udp (classic syslogd only supports the single-@ udp form)
*.* @192.168.0.1
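The configurations above all rely on two things: the `*.*` selector (or a syslog-ng source) deciding which messages are forwarded, and the receiver decoding the `<PRI>` header of each line to recover facility and severity. The following is an added example, not Unomaly documentation or code: a loopback TCP listener stands in for the Unomaly instance, the four sample messages are constructed for this example, and `selector_matches` implements the rsyslog/syslogd selector rules (`*`, comma-separated facilities, `none`, `=severity`, and "this severity or more urgent") so you can check what a given selector line would actually forward before pointing it at production.

```python
# Added example (not Unomaly documentation or code): a minimal newline-framed
# TCP syslog receiver plus a selector matcher, for checking what the
# `*.* @@host` (rsyslog) and tcp() (syslog-ng) forwarding lines actually send.
import re
import socket
import threading

# RFC 3164 facility and severity names in numeric order (facility = PRI >> 3,
# severity = PRI & 7). Names for facilities 12-15 follow rsyslog's spelling.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample lines, as a forwarder would emit them (PRI header first).
SAMPLE_MESSAGES = [
    "<34>Mar  1 12:00:01 web1 sshd[2201]: Failed password for root from 10.0.0.5 port 4222 ssh2",  # auth.crit
    "<13>Mar  1 12:00:02 web1 logger: deploy finished",                                            # user.notice
    "<190>Mar  1 12:00:03 web1 apache: [error] client denied by server configuration",            # local7.info
    "no pri header on this line",                                                                  # malformed
]


def parse_syslog_line(line):
    """Decode the <PRI> header of one BSD-syslog line into facility/severity names.

    Returns None for lines without a valid PRI (0..191): a forwarder emitting such
    lines is misconfigured, and a receiver should flag that rather than guess.
    """
    m = _PRI_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    return {"facility": FACILITIES[pri >> 3],
            "severity": SEVERITIES[pri & 7],
            "body": m.group(2)}


def selector_matches(selector, facility, severity):
    """Evaluate one rsyslog/syslogd selector, e.g. '*.*', 'auth,authpriv.*',
    'kern.warning' (warning and more severe) or 'mail.none', against a message."""
    fac_part, _, prio_part = selector.rpartition(".")
    if fac_part != "*" and facility not in fac_part.split(","):
        return False
    if prio_part == "*":
        return True
    if prio_part == "none":
        return False
    if prio_part.startswith("="):
        return severity == prio_part[1:]
    # A plain priority name means that severity or anything more urgent,
    # which is numerically less than or equal in the SEVERITIES table.
    return SEVERITIES.index(severity) <= SEVERITIES.index(prio_part)


def forward_and_collect(messages, timeout=5.0):
    """Send `messages` over one loopback TCP connection using the LF-terminated
    framing that rsyslog's @@ and syslog-ng's tcp() produce, and return what the
    receiving side decodes. The listener is a stand-in for a Unomaly instance."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port on loopback only
    listener.listen(1)
    listener.settimeout(timeout)
    port = listener.getsockname()[1]
    received = []

    def serve():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(timeout)
            buf = b""
            while True:                       # read until the sender closes
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        for raw in buf.split(b"\n"):          # one message per line
            if raw:
                received.append(parse_syslog_line(raw.decode("utf-8", "replace")))

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as client:
        client.sendall("".join(m + "\n" for m in messages).encode("utf-8"))
    worker.join(timeout)
    listener.close()
    return received


if __name__ == "__main__":
    for rec in forward_and_collect(SAMPLE_MESSAGES):
        if rec is None:
            print("MALFORMED: no valid <PRI> header")
        else:
            print("%s.%s  forwarded by '*.*': %s" % (
                rec["facility"], rec["severity"],
                selector_matches("*.*", rec["facility"], rec["severity"])))
```

Run it as-is to see the three well-formed lines decoded and the malformed one flagged; to test a real forwarder, point the `@@` or `tcp()` destination at the printed loopback port on a test host and watch what arrives. The receiver deliberately returns `None` for lines without a valid PRI instead of defaulting to `user.notice`, because silently accepting malformed input hides a broken forwarding chain.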