Forward Syslog events from Linux System

For IT Asset Tool to receive events from Linux operating systems, log forwarding must be configured correctly.

A tool named SendSyslog.exe, located in the "Server" folder of the installation, is available to test that IT Asset Tool receives events by sending them directly from a Windows computer.

Once we have verified that IT Asset Tool receives our logs, we can move on to installing and configuring one of the many packages that can forward events from our Linux server. In this guide we use "rsyslog" in a Debian-like environment.

Installation command: apt-get install rsyslog

Once it is installed, we configure forwarding by editing the configuration file with a text editor: vi /etc/rsyslog.conf

At the end of the file we add the following line and save the file: *.* @Servername:514

This line tells the syslog daemon to send all events (*.*) to port 514 of the server (Servername).

We then restart the service with the following command: /etc/rc.d/init.d/rsyslog restart

With this simple configuration we can start receiving logs from our Linux system.
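
The steps above as one repeatable script, added here as an example (it is not part of the IT Asset Tool documentation or tooling). It assumes rsyslog's default configuration file /etc/rsyslog.conf; the function names and the host name collector.example.internal are placeholders. In rsyslog syntax a single @ forwards over UDP and @@ forwards over TCP.

```sh
#!/bin/sh
# Added example: idempotent rsyslog forwarding setup (not vendor code).
# Function names and "collector.example.internal" are placeholders.

# Print the forwarding rule. "@" = UDP, "@@" = TCP (rsyslog syntax).
forward_rule() {
    server=$1; port=${2:-514}; proto=${3:-udp}
    # Accept only plain host names / IPv4 addresses, so a stray space or
    # newline cannot smuggle extra directives into the configuration file.
    case $server in
        ''|*[!A-Za-z0-9.-]*) echo "invalid server: $server" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    case $proto in
        udp) printf '*.* @%s:%s\n' "$server" "$port" ;;
        tcp) printf '*.* @@%s:%s\n' "$server" "$port" ;;
        *)   echo "invalid protocol: $proto" >&2; return 1 ;;
    esac
}

# Append the rule to a config file only if that exact line is not there yet,
# so running the script twice does not duplicate every forwarded event.
add_forward_rule() {
    conf=$1; shift
    rule=$(forward_rule "$@") || return 1
    grep -qxF -- "$rule" "$conf" 2>/dev/null || printf '%s\n' "$rule" >> "$conf"
}

# Typical use as root (commented out so loading this file changes nothing):
#   add_forward_rule /etc/rsyslog.conf collector.example.internal 514 udp
#   rsyslogd -N1                        # syntax-check the configuration
#   /etc/rc.d/init.d/rsyslog restart    # restart command as given in this guide
#   logger -p user.notice "forwarding test from $(hostname)"
```

The final logger call writes one event to the local syslog daemon, which should then appear in IT Asset Tool if forwarding works.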

N.B. The above commands are an example and may differ depending on the Linux distribution in use. For a more exhaustive guide, please refer to the documentation from the vendor of the operating system itself.