Linux Log Forwarding: Syslog for Linux

Purpose: The following instructions are a basic guide to help BSD departments configure syslog forwarding on Linux servers.

Scope: These instructions are intended to be used by BSD Departmental systems and servers. Depending on your servers’ current configuration, these instructions may not work properly. In those cases, please contact your local IT administrator for further support.

Configuration

  1. Log in to the Linux computer that will be the client.
  2. Back up your old rsyslog.conf file with the command: ‘cp /etc/rsyslog.d/rsyslog.conf /tmp/rsyslog.conf.bkp’
  3. Download the following zip file: sec-qevent.conf
  4. Unzip the contents of the downloaded file into the client’s ‘/etc/rsyslog.d/’ directory.
  5. Rename the file to sec-qevent.conf.
  6. Restart the syslog service on your Linux client with the command: ‘/etc/init.d/rsyslog restart’.
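
The steps above as a script, given here as an added example rather than anything supplied with these instructions. It adds two things the steps do not include: a syntax check of the rsyslog configuration (`rsyslogd -N1`) before the restart, and a test message sent with `logger` afterwards. The function names, their arguments and the APPLY switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the department's script. Defaults follow the steps above;
# function names, arguments and the APPLY switch are assumptions of this example.

# backup_if_present FILE BACKUP_DIR: keep a timestamped copy of FILE if it exists.
backup_if_present() {
    [ -f "$1" ] || return 0
    cp -p "$1" "$2/$(basename "$1").$(date +%Y%m%d%H%M%S).bkp"
}

# install_dropin SRC [CONF_DIR] [BACKUP_DIR]
# Installs SRC as CONF_DIR/sec-qevent.conf after backing up what it touches.
install_dropin() {
    src=$1
    conf_dir=${2:-/etc/rsyslog.d}
    backup_dir=${3:-/tmp}
    dest="$conf_dir/sec-qevent.conf"

    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    [ -d "$conf_dir" ] || { echo "no such directory: $conf_dir" >&2; return 1; }

    backup_if_present "$conf_dir/rsyslog.conf" "$backup_dir" || return 1  # step 2
    backup_if_present "$dest" "$backup_dir" || return 1  # copy from an earlier install

    # Root-owned configuration should not be writable by group or other.
    cp "$src" "$dest" && chmod 0644 "$dest"
}

# validate_and_restart: restart only if the whole rsyslog configuration parses.
validate_and_restart() {
    rsyslogd -N1 || { echo "config check failed; rsyslog not restarted" >&2; return 1; }
    /etc/init.d/rsyslog restart
}

# Run as root with APPLY=1 and the path to the unzipped file as $1.
if [ "${APPLY:-0}" = 1 ]; then
    install_dropin "$1" && validate_and_restart &&
        logger -p user.notice "sec-qevent forwarding test from $(hostname)"
fi
```

If the test message does not arrive at the log collector, restore the backup copy from ‘/tmp’ and restart rsyslog again.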