Sending data to Devo / Event sources / Unix-like machines / Third-party syslog tools configuration / rsyslog
rsyslog
Overview
Rsyslog is the default syslog package that is used in the primary Linux distributions today. It consists of a main configuration file (/etc/rsyslog.conf) and a directory (/etc/rsyslog.d/) where other configuration files containing rules for rsyslog processing are stored.
Rsyslog (version 3.19.0 and later) can establish secure channels using SSL/TLS at three possible levels:
- Encryption only
- Encryption + SSL certificate
- Encrypted channel + SSL certificate + client certificate authentication
When using rsyslog to forward events to relay, it is not necessary to establish a secure channel. However, if you want to use rsyslog to forward events directly to your domain in the Devo Cloud, it is necessary to establish a fully secure channel.
In either case, you need to create configuration files that tell rsyslog where to monitor log files on the machine and how to tag and forward the associated events to the Devo endpoint.
Tip
For the primary Linux distributions, the configuration packages will help you set up the forwarding of basic OS system log events to the Devo endpoint. However, if you want to send application log events, you will need to manually edit the syslog configuration files.
Known issues
- SSL/TLS not working in Ubuntu 12
- Outdated version of rsyslog in Debian 5.x (Lenny)
- Upgrade from syslog-ng to rsyslog in CentOS 5
- On some Fedora and RHEL systems, logs cannot be sent due to SELinux settings
Related articles
- Simple sending using rsyslog
- Secure sending using rsyslog
- Monitoring files using rsyslog
- Obsolete legacy format