Applies To
RSA Product Set: Identity Management and Governance
RSA Version/Condition: Any
Platform: SUSE Linux Enterprise Server 11 (x86_64)
The goal of this KB article is to provide instructions on how to configure syslog-ng.conf on a client to send log messages to a log server.
Some customers are required to install rsyslog for security auditing. The information in system logs can be used to detect hardware and software issues as well as application and system configuration errors. This information also plays an important role in security auditing and incident response.
This procedure describes how to configure the syslog-ng.conf file on your server, acting as a client, to send log messages to a remote log server.
1) Launch PuTTY on the server and log in as user 'root'.
2) cd to the /etc/syslog-ng directory and take a backup of the syslog-ng.conf file as syslog-ng.conf-ori, or with any other name.
3) Edit the syslog-ng.conf configuration file using ‘vi’ editor and search for the line below:
4) Uncomment the two lines below in this section:
5) Replace the IP address 10.10.10.10 with the IP address of your remote syslog server.
For example:
[In our example here, our remote syslog server IP is 192.168.10.1]
6) Save the changes and quit the vi editor by typing:
7) Make sure the syslog daemon is ON/enabled on runlevels 3 and 5.
[It needs to be enabled on at least runlevel 3. In the example below, syslog is ON on runlevels 2, 3 and 5]
8) Restart the syslog service with the command below:
9) Monitor outgoing traffic to the remote syslog server and verify the changes work.
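Steps 2 to 5 can also be done non-interactively, with a check that both lines ended up active. The script below is an added example, not part of the original KB article or RSA's own tooling. It assumes the commented-out section looks like the constructed sample in `write_sample` (a UDP destination named `logserver` on port 514); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. ASSUMPTION: the section of syslog-ng.conf being edited looks
# like the constructed sample below (UDP destination "logserver", port 514).
write_sample() {   # constructed stand-in for /etc/syslog-ng/syslog-ng.conf
    cat > "$1" <<'EOF'
source src { internal(); unix-dgram("/dev/log"); };
#destination logserver { udp("10.10.10.10" port(514)); };
#log { source(src); destination(logserver); };
EOF
}

valid_ipv4() {     # dotted quad, every octet 0-255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# enable_remote_log CONF SERVER_IP: steps 2-5 of the procedure, non-interactively.
enable_remote_log() {
    conf=$1; ip=$2
    # Validate first: the value is pasted into a sed script and into the config.
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Step 2: keep the first backup, never overwrite it on a re-run.
    [ -e "$conf-ori" ] || cp -p "$conf" "$conf-ori" || return 1
    tmp=$(mktemp) || return 1
    # Steps 4-5: uncomment both lines, then point the destination at $ip.
    sed -e 's/^#[[:space:]]*\(destination logserver \)/\1/' \
        -e 's/^#[[:space:]]*\(log { source(src); destination(logserver); };\)/\1/' \
        -e "/^destination logserver /s/udp(\"[^\"]*\"/udp(\"$ip\"/" \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"; rc=$?; rm -f "$tmp"; return $rc
}

# check_remote_log CONF SERVER_IP: succeeds only if both lines are active.
check_remote_log() {
    grep -Fxq "destination logserver { udp(\"$2\" port(514)); };" "$1" &&
    grep -Fxq 'log { source(src); destination(logserver); };' "$1"
}

# Demo on a throwaway copy; nothing under /etc is touched.
demo=$(mktemp -d) && write_sample "$demo/syslog-ng.conf"
enable_remote_log "$demo/syslog-ng.conf" 192.168.10.1 &&
    check_remote_log "$demo/syslog-ng.conf" 192.168.10.1 &&
    echo "forwarding to 192.168.10.1 is active"
rm -rf "$demo"
```

Run `check_remote_log` against the real file after editing by hand as well; a destination line that is active without its matching log line forwards nothing.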