This article describes how to manually configure syslog-ng to send system log events to Devo over an unsecured channel. This is the recommended procedure when you want to forward events within your network to a Devo In-House Relay.

There are three simple steps:


Edit the syslog-ng.conf file

To forward the internal logs of a system to a Devo relay over TCP, add the following lines to the /etc/syslog-ng/syslog-ng.conf configuration file:

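# Local sources: the system's own log sources plus syslog-ng's internal messages.
source s_src {
    system();
    internal();
};
# Devo relay, reached over plain TCP; the template sets the box.unix.<program> tag.
destination d_devo_unix {
    tcp("DEVO-RELAY-IP" port(PORT)
        template("<$PRI>$DATE $HOST box.unix.$PROGRAM: $MESSAGE\n")
    );
};
# Send everything from s_src to the relay.
log { source(s_src); destination(d_devo_unix); };
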
  • Replace DEVO-RELAY-IP and PORT with the IP address and port of the Devo relay. To view a list of active relays, go to Administration → Relays in the Devo web application.

  • The destination statement directs syslog-ng to forward events from syslog to the machine specified by the DEVO-RELAY-IP:PORT combination. 

Restart syslog-ng

Once you've edited the configuration file, you need to restart syslog-ng to activate the new settings. 

/etc/init.d/syslog-ng restart

Test the connection

You can make sure that the events are being forwarded to the Relay by using the logger command to write test messages to the system log. 

logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"

In the Devo web application, go to Data Search. Open the box.unix data table to confirm that these logger events were forwarded and received correctly.
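
If the test events do not show up, it helps to check that the lines syslog-ng emits actually fit the template from the configuration above. The following is an added example, not part of the original article or of Devo's tooling: a parser for that line format which decodes $PRI and flags lines whose tag is missing or malformed. The names parse_relay_line and check_lines are hypothetical, the sample lines are constructed, and $DATE is assumed to be rendered in the BSD syslog style.

```python
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron "
              "authpriv ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Mirrors template("<$PRI>$DATE $HOST box.unix.$PROGRAM: $MESSAGE\n").
# Assumption: $DATE is in the BSD syslog style, e.g. "Jun  3 15:58:00".
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>box\.unix\.(?P<program>[^\s:]*)): "
    r"(?P<message>.*)"
)

# Constructed sample lines (not captured from a real system).
SAMPLE = [
    "<13>Jun 13 15:58:00 machine01 box.unix.root: Hello from machine01",
    "<86>Jun  3 04:05:06 machine01 box.unix.sshd: session opened",
    "<13>Jun 13 15:58:00 machine01 root: Hello from machine01",  # tag missing
]

def parse_relay_line(line):
    """Parse one forwarded line; raise ValueError if it does not fit the template."""
    m = LINE_RE.fullmatch(line.rstrip("\n"))
    if m is None:
        raise ValueError("line does not match the box.unix template")
    pri = int(m["pri"])
    if pri > 191:  # 24 facilities * 8 severities
        raise ValueError(f"PRI {pri} out of range")
    if not m["program"]:
        raise ValueError("empty $PROGRAM leaves the tag as 'box.unix.'")
    fields = m.groupdict()
    fields.update(facility=FACILITIES[pri >> 3], severity=SEVERITIES[pri & 7])
    return fields

def check_lines(lines):
    problems = []  # (line_number, reason) for every line that fails to parse
    for n, line in enumerate(lines, 1):
        try:
            parse_relay_line(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
    return problems

if __name__ == "__main__":
    print(check_lines(SAMPLE))
```

Because this channel is unencrypted TCP, the same lines are readable by anything on the network path between the host and the relay, which is why the article limits this setup to forwarding within your own network.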