SUSE log integration

Log Integration Guide

Log Integration procedure:

Follow these steps to configure log forwarding to a remote syslog server.

  1. Install the rsyslog package, if it is not already installed, by executing the command below:

# zypper install rsyslog

  2. Check rsyslog.conf

Open the rsyslog.conf file located at /etc/rsyslog.conf with the following command.

vim /etc/rsyslog.conf

At the end of the file, check for the following lines and uncomment the second line:

#Include all config files in /etc/rsyslog.d/

$IncludeConfig /etc/rsyslog.d/*.conf

Add the line below at the end of the file.

*.* @<Log Collector IP>:12514

Save and quit the configuration file.

Create or open the following file using the command below, and paste in the entire content (all lines) of the audit.rules file linked below:

# vim /etc/audit/rules.d/audit.rules

Edit the above file, then save and quit.

Download the audit.rules file from below: Audit Rules

Restart the rsyslog service

sudo systemctl restart rsyslog

Verify the rsyslog service status

sudo systemctl status rsyslog
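
After the restart, the edited configuration can be checked with a small script. The following is an added example, not part of the original guide: it confirms that the $IncludeConfig line is active and that the only forwarding rule points at the expected collector on port 12514. The function names are hypothetical, and 192.0.2.10 is a placeholder for the Log Collector IP. It assumes the legacy `selector @host:port` syntax used above.

```shell
#!/bin/sh
# Added example: audit an rsyslog.conf for the settings configured in this guide.

# True if an active (uncommented) $IncludeConfig for /etc/rsyslog.d/*.conf exists.
has_include() {
    grep -Eq '^[[:space:]]*\$IncludeConfig[[:space:]]+/etc/rsyslog\.d/\*\.conf' "$1"
}

# Print "proto host port" for every active legacy forwarding rule.
# In this syntax a single @ forwards over UDP and @@ forwards over TCP.
forward_targets() {
    sed -nE 's/^[[:space:]]*[^#[:space:]][^[:space:]]*[[:space:]]+(@@?)([^@:[:space:]]+):([0-9]+)[[:space:]]*$/\1 \2 \3/p' "$1" |
    while read -r at host port; do
        [ "$at" = "@@" ] && proto=tcp || proto=udp
        echo "$proto $host $port"
    done
}

# check_forwarding CONF HOST PORT: report status; non-zero if the guide's settings
# are missing or logs are also sent to a destination other than HOST:PORT.
check_forwarding() {
    conf=$1 want="$2 $3" rc=0 found=no
    if has_include "$conf"; then echo "OK: rsyslog.d include is active"
    else echo "FAIL: \$IncludeConfig line missing or commented out"; rc=1; fi
    targets=$(forward_targets "$conf")
    while read -r proto host port; do
        [ -n "$proto" ] || continue
        if [ "$host $port" = "$want" ]; then
            found=yes; echo "OK: forwarding to $host:$port over $proto"
        else
            echo "FAIL: unexpected forwarding target $host:$port ($proto)"; rc=1
        fi
    done <<EOF
$targets
EOF
    [ "$found" = yes ] || { echo "FAIL: no forwarding rule for $2:$3"; rc=1; }
    return $rc
}

# Constructed sample file; 192.0.2.10 is a placeholder collector address.
write_sample() {
    printf '%s\n' '#Include all config files in /etc/rsyslog.d/' \
        '$IncludeConfig /etc/rsyslog.d/*.conf' '*.* @192.0.2.10:12514' > "$1"
}

demo=$(mktemp) && write_sample "$demo" && check_forwarding "$demo" 192.0.2.10 12514
rm -f "$demo"
```

On a configured host, call `check_forwarding /etc/rsyslog.conf <Log Collector IP> 12514` instead of the sample file.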
