# Suse log integration

**Log Integration Guide**

**Log Integration procedure:**

Follow these steps to configure log forwarding to a remote syslog server.

1. Install syslog package if you haven’t installed it by executing the below command:

`# apt-get install rsyslog`

1. Checking the rsyslog.conf

Open a rsyslog.conf file located at /etc/rsyslog.conf by following command.

`vim /etc/rsyslog.conf`

At the end of the file check for the following line and uncomment 2ndline

\#Include all config files in /etc/rsyslog.d/

`$IncludeConfig /etc/rsyslog.d/*.conf`

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2Fcpds6aQeyQmfCJgm1urJ%2F36e2b779%20a73e%204bba%208338%2025465ff46e44.png?alt=media)

Add below line at end of the file.

`*.* @<Log Collector IP>:12514`

![](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2FvqUEX77MCHizkr3mo0rf%2F3a4a3fb4%2059cd%204b11%2093cb%2037ea1fc74cec.png?alt=media)

Save and quit the configuration file.

Navigate to the following directory /create a file using the below command and paste the entire content of the file (all lines) from the below file:

`#vim /etc/audit/rules.d/audit.rules`

Edit the above file and quit.

Download the audit.rules file from below:\
[Audit Rules](https://g14solutionsllc.sharepoint.com/:f:/s/DeploymentTeam/ElkZ9la8PsdCh9MW9jpu-q8BAnobwdkQ4C-iedFgUnnIoQ?e=rs8WBD)

Restart rsyslog service

`sudo systemctl restart rsyslog`

Verify the syslog status

`sudo systemctl status rsyslog`

![A screenshot of a computerDescription automatically generated](https://2078222076-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2FSnYiJstMQdoIASqszwbu%2F48a8f3f5%205680%20459b%208d02%208c31f79abe52.png?alt=media)