Syslog configuration on Ubuntu

You are here:
< Back

Syslog configuration on Ubuntu

On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used.
If not already present, install rsyslog packet.

apt-get -y install rsyslog

Edit “50-default.conf” file

vi /etc/rsyslog.d/50-default.conf

Add the following row in order to send only authentication logs. Is possible use the IP or the hostname of SGBox

auth,authpriv.* @SGBox-IP

Alternatively, you can add the following row if you want send all logs to SGBox. It will be useful for a in-depth research.

*.* @SGBox-IP

Restart rsyslog deamon to load the new configuration and start to send logs

service rsyslog restart