I don’t know why I didn’t have notes on this already. I’ve done it dozens of times. So here’s the write-up.
I use Ubuntu and it uses the syslog facility/daemon called rsyslogd. Its configuration file is located here:
This file tells the daemon where to log each type of message. For example, the following entry means that all cron messages are sent to /var/log/cron.log:
If you want the cron messages to also be sent to a remote syslog server, then you can add this entry.
cron.* @[server ip here]:514
I just want all my messages sent to the syslog server. So I added a catch-all line:
*.* @[server ip here]:514
Restart the daemon like so and you should have a nice flood of log entries.
service rsyslog restart
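Added example, not part of the original post: in this legacy syntax a single @ forwards over UDP and @@ forwards over TCP, so a short Python audit can list which selectors leave the host, to which server, and over which transport. The sample config, the 192.0.2.x documentation addresses and the function name find_forwards are constructed for this example.

```python
import re

# Legacy rsyslog forwarding action: "<selector> @host[:port]" sends over UDP,
# "<selector> @@host[:port]" sends over TCP. Options such as "(z9)" may follow
# the @ signs; the port defaults to 514 when omitted.
FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+"
    r"(?P<at>@{1,2})(?:\([^)]*\))?"
    r"(?P<host>\[[^\]]+\]|[^\s:@]+)"
    r"(?::(?P<port>\d+))?\s*$"
)

# Constructed sample config; 192.0.2.x are documentation-only addresses.
SAMPLE = """\
# local file plus remote copies
cron.*            /var/log/cron.log
cron.*            @192.0.2.10:514
*.*               @192.0.2.10:514
auth,authpriv.*   @@192.0.2.20
#*.*              @192.0.2.30:514
"""


def find_forwards(config_text):
    """Return one dict per active forwarding rule in legacy-syntax config text."""
    rules = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        m = FORWARD_RE.match(line)
        if not m:
            continue  # file action, directive, or newer RainerScript syntax
        rules.append({
            "line": lineno,
            "selector": m.group("selector"),
            "transport": "tcp" if m.group("at") == "@@" else "udp",
            "host": m.group("host"),
            "port": int(m.group("port") or 514),
            "catch_all": m.group("selector") == "*.*",
        })
    return rules


if __name__ == "__main__":
    for rule in find_forwards(SAMPLE):
        print(rule)
```

Rules reported as udp can drop messages silently, and neither form encrypts the traffic, so a catch-all rule sends auth and cron messages across the network in the clear.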
As a side note, if you need to send Windows event logs to a syslog server, you can use SNARE from here. It’s open source, free and doesn’t require a server/workstation reboot to get going.