Description
To collect Linux logs over Syslog, rsyslog is used. On Linux, applications write their logs as text messages to files; the rsyslog imfile module reads those files, and the logs can then be sent from that path to the Logsign USO Platform via the syslog protocol. In this document, we send Apache logs to the Logsign USO Platform with rsyslog. The same method can be used to send the logs of other applications on Linux to the Logsign USO Platform via rsyslog.
Resolution
- Open the terminal with root privileges on Linux and create a new conf file under /etc/rsyslog.d/
# nano /etc/rsyslog.d/apachelogs.conf
- Prepare the conf file as follows.
----------------------------------------------------------------------------------
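# Load the imfile input module, which reads text log files.
# Valid modes are "inotify" and "polling"; PollingInterval (seconds) only takes effect in polling mode.
module(load="imfile" PollingInterval="10" mode="inotify")
# Apache access file:
input(type="imfile"
      File="/var/log/apache2/access.log"   # where Apache access logs are kept
      Tag="apache-access"
      Severity="debug"
      Facility="local5")
# Apache error file:
input(type="imfile"
      File="/var/log/apache2/error.log"    # where Apache error logs are kept
      Tag="apache-error"
      Severity="debug"
      Facility="local6")
# Forward logs to Logsign.
# This action has no filter, so it forwards every message that reaches it, not only the Apache ones.
# Syslog over UDP is unencrypted and unacknowledged.
action(type="omfwd"
       Target="10.10.9.28"   # Logsign USO Platform IP address
       Port="514"
       Protocol="udp")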
-------------------------------------------------------------------------------------
- After saving the file, restart the rsyslog service and enable it so that it starts automatically when the server reboots. The following commands are used for this.
root@webserver:~# systemctl enable rsyslog.service
root@webserver:~# systemctl restart rsyslog.service
- On Logsign, go to Settings > Data Collection and add a source with +Device. Select SYSLOG and define the other information as shown below.
- Now Apache Web server logs are visible in Logsign.
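
To check what the configuration above puts on the wire, the following added example (not part of the original article or of Logsign's tooling) decodes syslog datagrams and verifies that each Apache tag carries the facility and severity set in its imfile input. It assumes the traditional `<PRI>timestamp host tag message` layout; the sample datagrams and the helper names `parse` and `check` are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Tag -> (facility, severity) as set by the two imfile inputs in the config above.
EXPECTED = {"apache-access": ("local5", "debug"), "apache-error": ("local6", "debug")}

# Assumed layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?:? ?(?P<msg>.*)$", re.S)

def parse(datagram: bytes) -> dict:
    """Decode one syslog datagram into facility, severity, host, tag and message."""
    m = LINE.match(datagram.decode("utf-8", errors="replace").rstrip("\r\n"))
    if not m or int(m["pri"]) > 191:          # PRI = facility * 8 + severity, max 23*8+7
        raise ValueError("not a <PRI>timestamp host tag message line")
    fac, sev = divmod(int(m["pri"]), 8)
    facility = f"local{fac - 16}" if 16 <= fac <= 23 else str(fac)
    return {"facility": facility, "severity": SEVERITIES[sev],
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}

def check(datagram: bytes) -> str:
    """Return 'ok', 'mismatch', 'other' (non-Apache tag) or 'malformed'."""
    try:
        rec = parse(datagram)
    except ValueError:
        return "malformed"
    want = EXPECTED.get(rec["tag"])
    if want is None:
        return "other"      # the action in the config has no filter, so these arrive too
    return "ok" if (rec["facility"], rec["severity"]) == want else "mismatch"

# Constructed sample datagrams (not captured from a real system).
SAMPLES = [
    b'<175>Mar  4 09:15:02 webserver apache-access 192.0.2.10 - - "GET / HTTP/1.1" 200 612',
    b'<183>Mar  4 09:15:03 webserver apache-error [core:error] File does not exist',
    b'<38>Mar  4 09:15:04 webserver sshd[812]: Accepted publickey for admin',
    b'<175>Mar  4 09:15:05 webserver apache-error wrong facility for this tag',
    b'no priority header',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check(s), s[:40])
```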