Collection ideology

Syslog sources connect directly to the RuSIEM / RvSIEM server. To collect from *nix and BSD-like sources, use the rsyslog or syslog package.

Set up rsyslog

1) Add the following lines to rsyslog.conf on your Linux server:

module(load="imfile"
       mode="inotify")

2) Add a configuration file for your source to /etc/rsyslog.d/

For example, for Nginx, create /etc/rsyslog.d/nginx.conf with the following content:

input(type="imfile" tag="nginx"
      PersistStateInterval="1000"
      reopenOnTruncate="on"
      file="/var/log/nginx/*.log")

3) Restart the rsyslog daemon. For example, on Ubuntu: service rsyslog restart
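
A pre-flight check for the drop-in from step 2, added here as an example and not part of the RuSIEM documentation: it reads the file= globs from the config and confirms each one matches at least one log file readable by the current user, because an imfile input whose glob matches nothing readable forwards no events. The function names are hypothetical, and the script assumes it is run as the account rsyslogd runs under.

```shell
#!/bin/sh
# Added example: pre-flight check for an rsyslog imfile drop-in.
# Function names are hypothetical; run as the account rsyslogd runs under.

# Print each file="..." value from the config (stateFile= is not matched).
imfile_paths() {
    grep -ioE '(^|[[:space:](])file="[^"]*"' "$1" | cut -d'"' -f2
}

# Succeed only if the glob matches at least one file and every match is readable.
check_glob() {
    matched=0
    for f in $1; do                      # unquoted on purpose: expand the glob
        [ -e "$f" ] || continue          # unexpanded pattern, nothing matched
        matched=1
        [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    done
    [ "$matched" -eq 1 ] || { echo "no files match: $1" >&2; return 1; }
}

# Check every imfile path in one drop-in file.
preflight() {
    [ -r "$1" ] || { echo "cannot read config: $1" >&2; return 1; }
    [ -n "$(imfile_paths "$1")" ] || { echo "no file= parameter in $1" >&2; return 1; }
    imfile_paths "$1" | while read -r p; do
        check_glob "$p" || exit 1        # leaves the pipeline subshell with status 1
    done
}

# Syntax-check the full rsyslog configuration without starting the daemon.
validate_syntax() {
    command -v rsyslogd >/dev/null 2>&1 || { echo "rsyslogd not in PATH" >&2; return 1; }
    rsyslogd -N1
}

# Usage: sh preflight.sh /etc/rsyslog.d/nginx.conf
if [ "$#" -gt 0 ]; then
    preflight "$1" && validate_syntax && echo "OK: $1"
fi
```

Run it before step 3, so that a wrong path or a permissions problem is caught before the daemon is restarted.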