Graylog and Rsyslog.d – Collecting logs from a remote system into Graylog


Set up a basic Graylog Virtual Appliance from the Graylog website

It is easiest to download the OVA package and deploy it on the virtualization platform of your choice.

You can follow the Getting Started document on Graylog's website; they have great documentation.

On Your Basic Graylog Virtual Appliance

Log in through the Web Portal of the Graylog Virtual Appliance
Add a new input – Syslog UDP – with the configuration below
Login page of Graylog Virtual Appliance

(Pay attention to the port: 5514. Using a port number above 1024 avoids errors about not being able to bind to the address/port.)

Configure Title and Port
Syslog Server started

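On Your Client machine:

Create a new file ending in .conf under /etc/rsyslog.d/, for example /etc/rsyslog.d/filename.conf

Add the line below, replacing the IP and port placeholders with the values appropriate for your environment, and open firewall ports if required on both the client and the server end. The single @ sends over UDP, matching the Syslog UDP input created above.

*.* @<Graylog-IP>:<Port>;RSYSLOG_SyslogProtocol23Format
Restart the rsyslog service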
# systemctl restart rsyslog.service
Confirm from the client computer by sending a test message, TestABC123, with the command below:
# logger TestABC123

TestABC123 appears in Graylog collected logs from remote computer over the network
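
If TestABC123 does not show up, it helps to test the network path separately from rsyslog. The following is an added example, not part of the original post: it builds a datagram in the RFC 5424 layout that RSYSLOG_SyslogProtocol23Format emits, sends it over UDP, and parses it back. The host name client01, the function names and the loopback listener are assumptions for illustration.

```python
import re
import socket
from datetime import datetime, timezone

# Field layout rsyslog emits for RSYSLOG_SyslogProtocol23Format (RFC 5424):
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$",
    re.S,
)

def build_message(msg, host="client01", app="logger", facility=1, severity=5):
    """Return one RFC 5424 datagram; defaults mirror `logger` (user.notice)."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}".encode("utf-8")

def parse_message(datagram):
    """Split a datagram into its RFC 5424 fields, or return None if malformed."""
    m = RFC5424.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["facility"], fields["severity"] = divmod(pri, 8)
    return fields

def send_udp(datagram, server, port=5514):
    """Fire-and-forget send: UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))

def loopback_check(msg="TestABC123"):
    """Send to a throwaway local listener and return the parsed fields."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, no root needed
        rx.settimeout(2)
        send_udp(build_message(msg), "127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(4096)
    return parse_message(data)

if __name__ == "__main__":
    print(loopback_check())
```

To test against the appliance itself, call send_udp(build_message("TestABC123"), server, port) with your own Graylog address and input port, then search for the message in Graylog; because UDP is unacknowledged, a successful send on the client does not prove the server received it.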
