Sending Syslog logs from Ubuntu to a remote syslog server

I don’t know why I didn’t have notes on this already. I’ve done it dozens of times. So here’s the write up.

I use Ubuntu and it uses the syslog facility/daemon called rsyslogd. Its configuration file is located here:


This file tells the daemon where to log each type of message. For example, the following entry means that all cron messages are sent to /var/log/cron.log:

cron.* /var/log/cron.log

If you want the cron messages to also be sent to a remote syslog server, you can add this entry:

cron.* @[server ip here]:514

I just want all my messages sent to the syslog server. So I added a catch-all line:

*.* @[server ip here]:514

Restart the daemon like so and you should have a nice flood of log entries.

service rsyslog restart
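
The single @ in the entries above forwards over UDP. As an added example (not from the original post), here is the same catch-all beside a TCP variant with a disk-assisted queue, so messages are held rather than lost while the server is unreachable. It assumes the server also accepts syslog over TCP on port 514, and 192.0.2.10 is a placeholder address.

```conf
# Constructed example; 192.0.2.10 is a placeholder for the syslog server's IP.

# As in the post: a single @ forwards over UDP. Delivery is not acknowledged,
# so anything sent while the server is down or unreachable is silently lost.
#*.* @192.0.2.10:514

# A double @@ forwards over TCP. The queue directives below apply to the next
# action only; they buffer messages in memory and spill to disk (in rsyslog's
# work directory) until the server can be reached again.
$ActionQueueType LinkedList        # asynchronous in-memory queue
$ActionQueueFileName fwd_remote    # spool file prefix (assumed name); enables disk assistance
$ActionQueueMaxDiskSpace 1g        # upper bound on disk used by the spool
$ActionQueueSaveOnShutdown on      # write queued messages to disk on shutdown
$ActionResumeRetryCount -1         # keep retrying instead of discarding
*.* @@192.0.2.10:514
```

Running rsyslogd -N1 checks the configuration for syntax errors before the restart, and logger -p cron.info "forwarding test" sends a test message that should then appear on the server.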

As a side note, if you need to send Windows event logs to a syslog server, you can use SNARE from here. It’s open source, free and doesn’t require a server/workstation reboot to get going.

