To configure syslog-ng on SynetoOS to send the audit logs to an external collector, perform the following actions:
1. Log in to SynetoOS as "admin" over SSH or the VMware display console using the current password, then type the following to activate the unsupported shell and get superuser privileges:
un sh
sudo su -
2. Edit /usr/share/syslog-ng/include/scl/syneto/plugin.conf
Create a new destination entry for the remote host. You can give the destination any name by changing the “remote” name; use the same name in the log entry added in step 4. You can use either udp (default) or tcp.
destination remote { network("ip_address_of_host" transport("udp") port(port_number)); };
e.g.: destination remote { network("192.0.2.10" transport("udp") port(514)); };
3. Find the row:
log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };
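4. Add this new entry
log { source(s_local); filter(f_audit); destination(remote);};
before the row
log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };
The new entry has to come first because flags(final) ends processing for the messages that row matches, so log statements placed after it never receive the audit messages.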
5. Save the file and restart the service as "root" using:
svcadm restart svc:/system/syslog-ng:default
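
A pre-restart check for the ordering in step 4, as an added example (not Syneto's own tooling): it confirms that the destination is defined and that its f_audit log entry sits before the d_audit row carrying flags(final). The function names check_audit_forward and sample_conf are hypothetical, and the sample configuration is constructed for the demonstration.

```shell
#!/bin/sh
# check_audit_forward FILE DEST_NAME
# Returns 0 when DEST_NAME is defined and a log statement sending f_audit
# to it appears before the d_audit statement with flags(final); 1 otherwise.
check_audit_forward() {
    awk -v dest="$2" '
        /^[ \t]*#/ { next }                                  # ignore comment lines
        $0 ~ ("^[ \t]*destination[ \t]+" dest "[ \t]*[{]") { defined = 1 }
        /^[ \t]*log[ \t]*[{]/ && /filter\(f_audit\)/ {
            # only count a forwarding entry seen before the final row
            if (index($0, "destination(" dest ")") && !final_line) fwd_line = NR
            if (index($0, "destination(d_audit)") && /flags\(final\)/ && !final_line)
                final_line = NR
        }
        END {
            if (!defined)    { print "destination " dest " is not defined"; exit 1 }
            if (!fwd_line)   { print "no f_audit entry for " dest " before the final row"; exit 1 }
            if (!final_line) { print "d_audit row with flags(final) not found"; exit 1 }
            print "ok: forward entry at line " fwd_line ", final row at line " final_line
        }' "$1"
}

# Constructed sample, not the shipped plugin.conf.
# sample_conf FILE ORDER   (ORDER = "before" puts the new entry first)
sample_conf() {
    fwd='log { source(s_local); filter(f_audit); destination(remote);};'
    fin='log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };'
    {
        echo '# constructed sample'
        echo 'destination remote { network("192.0.2.10" transport("udp") port(514)); };'
        if [ "$2" = before ]; then
            echo "$fwd"; echo "$fin"
        else
            echo "$fin"; echo "$fwd"
        fi
    } > "$1"
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_conf "$demo_file" before
check_audit_forward "$demo_file" remote
rm -f "$demo_file"
```

On the appliance, call check_audit_forward with the edited plugin.conf path and the destination name chosen in step 2 before running svcadm restart.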