Remote machine Syslog Configuration:
The changes below are required in the rsyslog configuration on a Debian system. For other operating systems, refer to the official site of the respective operating system for more information.
cat /etc/rsyslog.conf
$ModLoad imuxsock.so #provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so #provides kernel logging support (previously done by rklogd)
$ModLoad immark.so #provides --MARK-- message capability
#provides UDP syslog reception on port 514
$ModLoad imudp.so
$UDPServerRun 514
#provides TCP syslog reception on port 514
$ModLoad imtcp.so
$InputTCPServerRun 514
#Logs are written to a separate folder per hostname and a separate file per program name under the given path
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
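#discard every message matched by the previous rule; since that rule is *.*, the rules below receive nothing
& ~
#message-only output format; no rule shown in this file references it
$template precise,"%msg%\n"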
*.* /var/log/messages
auth,authpriv.* /var/log/auth.log
Save the changes and restart the rsyslog service for the changes to take effect.
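Added example (not part of the original page): a Python self-test to run on the receiver after the restart. It sends one UDP and one TCP test message to port 514 and checks that both appear in the file selected by the RemoteLogs template. The tag rsyslog-selftest, the 127.0.0.1 target and the marker text are assumptions chosen for the test.

```python
# Assumptions: run as root on the receiver; tag and marker are constructed test values.
import socket
import time

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_message(host, tag, text, facility=1, severity=5, now=None):
    """One RFC 3164 frame: <PRI>Mmm dd hh:mm:ss host tag: text (default user.notice)."""
    t = time.localtime(now)
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, host, tag, text)).encode()

def expected_path(host, tag, root="/var/log"):
    """File the RemoteLogs template selects: %HOSTNAME% and %PROGRAMNAME%
    are parsed from the host and tag fields of the received message."""
    return "%s/%s/%s.log" % (root, host, tag)

def send_udp(server, port, frame):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(frame, (server, port))

def send_tcp(server, port, frame, timeout=5):
    # Plain TCP syslog: one message per line, terminated by LF.
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(frame + b"\n")

def found_in_log(path, marker):
    """Number of lines in path containing marker; 0 if the file is missing or unreadable."""
    try:
        with open(path, errors="replace") as fh:
            return sum(marker in line for line in fh)
    except OSError:
        return 0

def selftest(server="127.0.0.1", port=514, tag="rsyslog-selftest"):
    """Send one UDP and one TCP message, then count them in the expected file."""
    host = socket.gethostname().split(".")[0]
    marker = "selftest-%d" % int(time.time())
    send_udp(server, port, build_message(host, tag, marker + " via udp"))
    send_tcp(server, port, build_message(host, tag, marker + " via tcp"))
    time.sleep(1)  # give rsyslog time to write the file
    path = expected_path(host, tag)
    return path, found_in_log(path, marker)

if __name__ == "__main__":
    path, hits = selftest()
    print("%s: %d of 2 test messages found" % (path, hits))
```

A result of 2 means both listeners and the template rule work. A result of 1 points at the transport whose message is missing, and 0 at the rule, the path or a firewall.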
Last modified date: 08/28/2023