Rsyslog is the default syslog package that is used in the primary Linux distributions today. It consists of a main configuration file (/etc/rsyslog.conf) and a directory (/etc/rsyslog.d/) where other configuration files containing rules for rsyslog processing are stored.
Rsyslog (version 3.19.0 and later) can establish secure channels using SSL/TLS at three possible levels:
- Encryption only
- Encryption + SSL certificate
- Encrypted channel + SSL certificate + client certificate authentication
When using rsyslog to forward events to a Devo In-House Relay, it is not necessary to establish a secure channel. However, if you want to use rsyslog to forward events directly to your domain in the Devo Cloud, it is necessary to establish a fully secure channel.
In either case, you need to create configuration files that tell rsyslog where to monitor log files on the machine and how to tag and forward the associated events to the Devo endpoint.
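As an added illustration (not Devo's own configuration), the fragment below monitors one log file, tags its events and forwards them over the third TLS level listed above, with comments showing how the two weaker levels differ. It assumes the RainerScript syntax of rsyslog 7 or later with the gtls driver installed; the file paths, tag, hostname and port are placeholders.

```conf
# /etc/rsyslog.d/60-forward-tls.conf  (constructed example; all values are placeholders)

# TLS material used by the gtls network stream driver.
global(
  DefaultNetstreamDriver="gtls"
  # CA that signed the collector's certificate (needed to validate the server).
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/ca.crt"
  # Client certificate and key, presented for client certificate authentication.
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/keys/client.crt"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/client.key"
)

# Tell rsyslog which file to monitor and how to tag its events.
module(load="imfile")
input(type="imfile"
      File="/var/log/myapp/app.log"      # placeholder path
      Tag="EXAMPLE.TAG:"                 # placeholder tag
      Severity="info"
      Facility="local7"
      ruleset="forward_tls")

ruleset(name="forward_tls") {
  action(type="omfwd"
         Target="collector.example.com"  # placeholder endpoint
         Port="6514"                     # placeholder port
         Protocol="tcp"
         StreamDriver="gtls"
         StreamDriverMode="1"            # 1 = TLS only, never plain TCP
         # x509/name: validate the server certificate against the CA file
         # and require its subject name to match the permitted peer.
         StreamDriverAuthMode="x509/name"
         StreamDriverPermittedPeers="collector.example.com"
         # Buffer events on disk while the endpoint is unreachable.
         queue.type="LinkedList"
         queue.filename="fwd_tls"
         queue.saveOnShutdown="on"
         action.resumeRetryCount="-1")
}

# Weaker levels, for comparison:
#   Encryption only:       StreamDriverAuthMode="anon" (peer is not authenticated,
#                          so an on-path attacker can impersonate the collector).
#   Encryption + SSL cert: keep x509/name and the CA file, omit the client
#                          CertFile/KeyFile lines (server cannot verify the sender).
```

After editing, `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.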
- SSL/TLS not working in Ubuntu 12
- Outdated version of rsyslog in Debian 5.x (Lenny)
- Upgrade from syslog-ng to rsyslog in CentOS 5
- On some Fedora and RHEL systems, logs cannot be sent due to SELinux settings