Sending Syslog logs from Ubuntu to a remote syslog server

I don’t know why I didn’t have notes on this already. I’ve done it dozens of times. So here’s the write up.

I use Ubuntu and it uses the syslog facility/daemon called rsyslogd. Its configuration file is located here:

/etc/rsyslog.d/50-default.conf

This file tells the daemon where to log each type of message. For example, the following entry means that all cron messages are sent to /var/log/cron.log:

cron.* /var/log/cron.log

If you want the cron messages to also be sent to a remote syslog server, you can add this entry:

cron.* @[server ip here]:514

I just want all my messages sent to the syslog server, so I added a catch-all line:

*.* @[server ip here]:514

Restart the daemon like so and you should have a nice flood of log entries.

service rsyslog restart
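To review which selectors a config forwards and over which transport, here is an added example (not part of the original post) that parses legacy-format rules like the ones above. In this syntax a single @ forwards over UDP and @@ over TCP; the function names and the 192.0.2.10 sample address are assumptions made for illustration.

```python
import re

# Legacy rsyslog rule: "<selector> <action>", where a forwarding action is
# "@host[:port]" (UDP) or "@@host[:port]" (TCP). Default port is 514.
FORWARD = re.compile(r"^(@{1,2})(\[[0-9A-Fa-f:]+\]|[^:@\s]+)(?::(\d+))?$")

def forwarding_rules(conf_text):
    """Return one dict per forwarding rule found in legacy-format config text."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # simplification: '#' starts a comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                          # blank line or not "selector action"
        selector, action = parts[0], parts[1].strip()
        m = FORWARD.match(action)
        if not m:
            continue                          # file, pipe, or other local action
        rules.append({
            "line": lineno,
            "selector": selector,
            "transport": "tcp" if m.group(1) == "@@" else "udp",
            "host": m.group(2),
            "port": int(m.group(3) or 514),
        })
    return rules

def udp_findings(rules):
    """Rules worth reviewing: UDP syslog is unacknowledged, so loss goes unnoticed."""
    return [r for r in rules if r["transport"] == "udp"]

# Constructed sample in the style of /etc/rsyslog.d/50-default.conf;
# 192.0.2.10 is a documentation address, not a real server.
SAMPLE = """\
# local files
cron.*          /var/log/cron.log
cron.*          @192.0.2.10:514
auth,authpriv.* @@192.0.2.10:514
*.*             @192.0.2.10
"""

if __name__ == "__main__":
    for r in forwarding_rules(SAMPLE):
        print(r["line"], r["selector"], r["transport"], r["host"], r["port"])
```

Neither transport encrypts the messages, so the output is also a list of log streams that cross the network in the clear.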

As a side note, if you need to send Windows event logs to a syslog server, you can use SNARE from here. It’s open source, free, and doesn’t require a server/workstation reboot to get going.

Author: Helicopter Jeff

I'm a vinyl decal cutting and designing, Astrophotography and general photography capturing, RC helicopter/quad copter pilot, Arduino and Raspberry Pi hardware/software developer, network, scripting and troubleshooting ninja living in the metro NY area. I am passionate about my hobbies so much I do them for a living. There's nothing better than getting paid to do what you love.
