10.5.1 Syslog
To enable forwarding of system logs, modify the configuration file of the syslog server to specify the protocol, IP address, and port of the central log server (such as vRealize Log Insight). The syslog configuration file is located at /etc/syslog-ng/syslog-ng.conf. The following two lines are pre-populated:
#destination logserver { udp("10.10.10.10" port(514)); };
#log { source(src); destination(logserver); };
Uncomment the two lines and modify the fields. For example, with TCP as the transport, 10.10.10.10 as the IP address of the central syslog server, and 514 as the central syslog server port, the entries are:
destination logserver { tcp("10.10.10.10" port(514)); };
log { source(src); destination(logserver); };
Restart the syslog-ng service as root to incorporate the change.
Configure firewalls to allow access to the port specified for the syslog destination log server.
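The edit described above, written as a repeatable shell function. This is an added example, not taken from the VMware documentation. The function name `enable_log_forwarding` and the `.bak` backup file are assumptions of this example, which expects the two pre-populated lines in the form shown above.

```sh
#!/bin/sh
# Added example (not VMware code): enable the two pre-populated forwarding
# lines in a syslog-ng.conf and point them at the central log server.
# Usage: enable_log_forwarding CONF PROTO HOST PORT
enable_log_forwarding() {
    conf=$1 proto=$2 host=$3 port=$4

    # Validate inputs so nothing unexpected reaches the sed replacement text.
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.:-]*) echo "host has invalid characters" >&2; return 2 ;;
    esac

    # Stop if the pre-populated destination line is missing (commented or not).
    dest_re='^[[:space:]]*#?[[:space:]]*destination logserver[[:space:]]*\{'
    if ! grep -Eq "$dest_re" "$conf"; then
        echo "no 'destination logserver' line in $conf" >&2
        return 1
    fi

    # Keep the first pristine copy; later runs do not overwrite it.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    tmp=$(mktemp) || return 1
    # 1st expression: rewrite the destination with the chosen transport.
    # 2nd expression: uncomment the log statement that uses it.
    if sed -E \
        -e "s|$dest_re.*|destination logserver { $proto(\"$host\" port($port)); };|" \
        -e 's|^[[:space:]]*#[[:space:]]*(log \{ source\(src\); destination\(logserver\); \};)|\1|' \
        "$conf" > "$tmp"
    then
        cat "$tmp" > "$conf"   # overwrite in place, keeping owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

On the system itself the call would be `enable_log_forwarding /etc/syslog-ng/syslog-ng.conf tcp 10.10.10.10 514`, run as root. Running `syslog-ng --syntax-only` afterwards checks the edited file before the service is restarted.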
Design Considerations
Forward syslog messages to a centralized syslog collector such as vRealize Log Insight.