rsyslog - jwells24/Tech-Journal GitHub Wiki

Using rsyslog

  • rsyslog is a Linux logging program that needs to be enabled and configured to handle logs from external systems.

Logging Authpriv messages

  • In order to get clients to send Authpriv logs to the proper logging machine, we need to tell the client where to send these logs.

  • On a CentOS operating system, add the following line to the /etc/rsyslog.d/log.conf file to send Authpriv messages to the correct IP address: authpriv.* @192.168.1.10

  • On a VyOS router, enter the following line in the router's configuration command line to enable Authpriv messages: set system syslog host 192.168.1.10 facility authpriv level info
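
The rule above uses a single @, which rsyslog sends over UDP; @@ selects TCP. The script below is an added example, not part of the original wiki: it lists the legacy-format forwarding rules in a client configuration and picks out any that send authpriv messages over UDP. The function names, the sample configuration and port 1514 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki: classify legacy rsyslog forwarding rules.

# Reads config text on stdin; prints "selector proto host port" for each rule
# whose action is @host (UDP) or @@host (TCP). Port 514 is the default.
list_forwards() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)           # drop the @ or @@ prefix
            port = "514"
            if (target ~ /:[0-9]+$/) {       # explicit host:port form
                port = target
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print $1, proto, target, port
        }'
}

# Prints only the rules that carry authpriv messages over UDP, where a
# dropped datagram is a lost authentication record with no error reported.
udp_authpriv_rules() {
    list_forwards | awk '
        $2 != "udp" || $1 ~ /authpriv\.none/ { next }
        { sel = ";" $1 }                     # so every facility has a delimiter
        sel ~ /[;,](authpriv|\*)[.,]/ { print }'
}

# Constructed sample input (assumption: port 1514 is illustrative only).
sample_conf() {
    cat <<'EOF'
# constructed client rules, modelled on the lines described above
authpriv.* @192.168.1.10
*.info;authpriv.none @@192.168.1.10:1514
auth,authpriv.* @@192.168.1.10
authpriv.* /var/log/secure
EOF
}

sample_conf | udp_authpriv_rules
```

To audit a real client, pipe its files in instead: cat /etc/rsyslog.d/*.conf | udp_authpriv_rules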

Advanced Logging Clients

  • As we move forward, the /etc/rsyslog.d/client.conf file gets more advanced. As of Week 6, we added a new client and created a one-line configuration for it to send messages to Graylog. Below is the line used in rsyslog.d/client.conf to send logs to our specified log server, which then sends the logs to Graylog by port. Remember to restart rsyslog.

[Image: rsyslogAdvConf]