Unix/Linux

Unix and Linux-based systems have built-in support for syslog. Usually syslogd, rsyslog, or syslog-ng is preinstalled. Read the following guidelines to configure the relevant syslog to forward data to Unomaly.

Configure syslog-ng

Syslog-ng is a modern syslog service available for most Unix and Linux platforms. It supports forwarding of local and relayed syslog messages as well as tailing and forwarding local files.

In syslog-ng you declare a source, a destination, a log directive that ties the source and destination together, and an optional filter. Sources may be incoming syslog, a tailed file, a local pipe, and so on. The destination is the Unomaly instance.

Tip: If you want to forward logs that are already being handled by the syslog process, just create a new destination and a new log directive and reuse the source declarations that already exist.

Forward all logs

[syslog-ng.conf]

# Declare a file-tailing source (the Apache error log); the comment must not sit inside the braces
source apache_error_log { file("/var/log/apache2/error.log" follow_freq(1)); };

# Define the Unomaly destination: plain TCP on port 514 (192.168.0.1 is the example address used in the rsyslog sections below)
destination unomaly { tcp("192.168.0.1" port(514)); };

# Forward the standard system logs; s_src is the local source declared in the stock syslog-ng.conf (use the name from your configuration)
log { source(s_src); destination(unomaly); };

# Forward the apache_error_log source defined above
log { source(apache_error_log); destination(unomaly); };

Restart the syslog-ng process after declaring the new configuration.

service syslog-ng restart
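The destination above is a plain TCP listener that receives newline-terminated BSD-style syslog lines. The following added example (not part of the original page, and not Unomaly's or syslog-ng's own code) builds such a line, sends it over TCP the way a tcp() destination does, and runs an offline round trip against a loopback collector so that the framing and the PRI (facility/severity) decoding can be checked before a real instance is involved. The function and class names, the fixed sample timestamp and the default facility/severity are assumptions of this example.

```python
import socket
import threading
from datetime import datetime

# Facility and severity codes (RFC 3164 / RFC 5424): PRI = facility * 8 + severity
FACILITY_USER = 1
SEVERITY_NOTICE = 5


def build_syslog_line(message, hostname="example-host", tag="unomaly-test",
                      facility=FACILITY_USER, severity=SEVERITY_NOTICE, when=None):
    """Build one BSD-style (RFC 3164) syslog line, newline-terminated as sent over TCP."""
    when = when or datetime(2024, 1, 2, 3, 4, 5)  # fixed constructed timestamp for reproducibility
    pri = facility * 8 + severity
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # e.g. "Jan  2 03:04:05"
    return f"<{pri}>{timestamp} {hostname} {tag}: {message}\n"


def parse_pri(line):
    """Return (facility, severity) decoded from the <PRI> prefix, or None if it is malformed."""
    if not line.startswith("<"):
        return None
    end = line.find(">")
    if end < 2 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    if pri > 191:  # facility 0..23, severity 0..7
        return None
    return divmod(pri, 8)


def send_test_message(host, port, message, timeout=5.0):
    """Send one syslog line over TCP, exactly as a tcp() destination or an @@host rule would."""
    line = build_syslog_line(message)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(line.encode("utf-8"))
    return line


class LoopbackCollector:
    """Minimal newline-framed TCP receiver standing in for the Unomaly listener (loopback only)."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # ephemeral port on loopback
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.received = []
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            buf = b""
            while not buf.endswith(b"\n"):  # TCP syslog frames are newline-delimited
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        self.received.extend(buf.decode("utf-8").splitlines())
        self.sock.close()


def loopback_roundtrip(message="forwarding check"):
    """Send a message to a loopback collector and return (facility, severity, text) as received."""
    collector = LoopbackCollector()
    sent = send_test_message("127.0.0.1", collector.port, message)
    collector.thread.join(timeout=5)
    received = collector.received[0]
    if received != sent.rstrip("\n"):
        raise RuntimeError("received line differs from the one sent")
    facility, severity = parse_pri(received)
    return facility, severity, received.split(": ", 1)[1]


if __name__ == "__main__":
    # Offline self-check. To probe a real destination, call e.g.
    # send_test_message("192.168.0.1", 514, "forwarding check") and look for the line in Unomaly.
    print(loopback_roundtrip())
```

Run it directly for the loopback self-check; to verify a real path, point send_test_message at the address and port from the destination stanza and confirm the line shows up on the Unomaly side. Because the transport is unencrypted TCP, anything on the path can read or drop the lines, which is why the round trip is worth checking explicitly rather than assumed.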

Configure rsyslog

Rsyslog is a modern syslog service available for most Unix and Linux platforms. It supports forwarding of local and relayed syslog messages as well as tailing and forwarding local files.

Forward logs from an individual host

[rsyslog.conf]
# forward all local logs to the remote syslog server over TCP (a single @ would mean UDP)
*.* @@192.168.0.1

Tip: Rsyslog does a DNS lookup of its own IP address and injects the result as the originating host in each syslog message, so make sure the /etc/hosts entry for that address lists the desired hostname first and not 'localhost'.

Forward logs from both syslog and tail

[rsyslog.conf]
# load the imfile input module for file monitoring
$ModLoad imfile
# define the file input; $InputRunFileMonitor must come after the $InputFile* settings
$InputFileName /path/to/file1
$InputFileStateFile stat-file1
# this might be needed depending on your rsyslog version
$InputFileTag mytag
$InputRunFileMonitor
# forward everything, including the monitored file, to the remote server over TCP
*.* @@192.168.0.1

Configure syslogd

Syslogd is a legacy syslog service found on older Unix and Linux platforms. It supports forwarding of local syslog messages (over UDP only, hence the single @ below), but not tailing of local files.

Forward all logs

[syslogd.conf]
*.* @192.168.0.1
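The rsyslog and syslogd sections above both use the legacy selector-and-action syntax, where a single @ means UDP and @@ means TCP, and it is easy to ship a configuration that silently forwards over UDP or to the wrong host. The following added example (not part of the original page, and not rsyslog's or syslogd's own code) parses those forwarding lines, including rsyslog's optional @@(o) option block, IPv6 brackets and an explicit :port, and audits a configuration text for UDP transport, an unexpected collector address and selectors narrower than *.*. The function names and the constructed sample configurations are assumptions of this example; RainerScript action() statements are not covered, since the page only shows the legacy syntax.

```python
import re

# Legacy forwarding action: <selector> @host[:port] (UDP) or <selector> @@host[:port] (TCP).
# rsyslog additionally allows an option block, e.g. @@(o)host:port, and bracketed IPv6 hosts.
_FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+(?P<at>@@?)(?:\((?P<opts>[^)]*)\))?"
    r"(?P<host>\[[^\]]+\]|[^\s:]+)(?::(?P<port>\d+))?\s*$"
)


def parse_forward_rule(line):
    """Parse one legacy forwarding line; return a dict, or None if the line is not one."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):  # blank line or full-line comment
        return None
    m = _FORWARD_RE.match(stripped)
    if not m:
        return None
    return {
        "selector": m.group("selector"),
        "transport": "tcp" if m.group("at") == "@@" else "udp",
        "host": m.group("host").strip("[]"),
        "port": int(m.group("port")) if m.group("port") else 514,  # syslog default port
        "options": m.group("opts") or "",
    }


def audit_config(text, expected_host=None):
    """Return a list of (line_no, finding) for the forwarding rules in a config text."""
    findings = []
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        rule = parse_forward_rule(raw)
        if rule is None:
            continue
        rules.append((line_no, rule))
        if rule["transport"] == "udp":
            findings.append((line_no, "UDP forwarding: events can be dropped without notice; "
                                      "use @@ (TCP) where the daemon supports it"))
        if expected_host and rule["host"] != expected_host:
            findings.append((line_no, f"forwards to {rule['host']}, not the expected "
                                      f"collector {expected_host}"))
        if rule["selector"] != "*.*":
            findings.append((line_no, f"selector {rule['selector']} forwards only a subset "
                                      "of facilities and priorities"))
    if not rules:
        findings.append((0, "no forwarding rule found"))
    return findings


# Constructed sample inputs mirroring the rsyslog and syslogd examples on the page.
SAMPLE_RSYSLOG_CONF = """\
$ModLoad imfile
$InputFileName /path/to/file1
$InputFileStateFile stat-file1
$InputFileTag mytag
$InputRunFileMonitor
*.* @@192.168.0.1
"""
SAMPLE_SYSLOGD_CONF = "*.* @192.168.0.1\n"


if __name__ == "__main__":
    for name, conf in (("rsyslog", SAMPLE_RSYSLOG_CONF), ("syslogd", SAMPLE_SYSLOGD_CONF)):
        print(name, audit_config(conf, expected_host="192.168.0.1") or "OK")
```

Feed it the real file contents before restarting the daemon; an empty findings list means every forwarding rule uses TCP, targets the expected collector and covers all facilities and priorities.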