In this guide, we will walk you through the step-by-step process of configuring syslog-ng on SynetoOS.
Once configured, SynetoOS will send its audit logs to an external collector.
How to configure syslog-ng on SynetoOS
Step 1: Access SynetoOS CLI through SSH
If necessary, activate the unsupported shell to get SuperUser privileges:
un sh
Step 2: Edit plugin.conf file
Navigate to /usr, where you should find the plugin.conf file:
cat /usr/share/syslog-ng/include/scl/syneto/plugin.conf
Edit the file with vi/vim.
Before editing, you will most likely need to remove the admin bash profile in order to use either editor:
rm ~admin/.bash_profile
Remember to log out and restart the SSH session after removing the bash profile, and use sudo su - to get SuperUser privileges.
Switch to insert mode to edit the file by pressing ESC + i on your keyboard.
Create a new destination entry for the remote host.
Give the destination any name; in this example we used destination remote.
It is possible to set udp or tcp as the transport protocol:
destination remote { network("ip_address_of_host" transport("udp") port(port_number)); };
Replace the address and port number with your data, e.g.:
destination remote { network("192.0.2.10" transport("udp") port(514)); };
- Find the row:
log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };
- Above the line you just found, add the following (the flags(final) on that line stops further processing of matched audit messages, so the forwarding rule must come before it):
log { source(s_local); filter(f_audit); destination(remote);};
After applying all your changes, save and exit the file using ESC + :wq
Step 3: restart the syslog-ng service
To restart the service, run:
svcadm restart svc:/system/syslog-ng:default