This guide walks through configuring syslog-ng on SynetoOS step by step.
Once configured, SynetoOS sends its audit logs to an external collector.

How to configure syslog-ng on SynetoOS

Step 1: Access SynetoOS CLI through SSH

  • If necessary, activate the unsupported shell to get SuperUser privileges

    un sh

Step 2: Edit plugin.conf file

  • Locate the plugin.conf file under /usr and display its current contents:

    cat /usr/share/syslog-ng/include/scl/syneto/plugin.conf

  • Edit the file with VI/VIM
    Before you can edit the file with either editor, you will most probably need to
    remove the bash profile:

    rm ~admin/.bash_profile

    Remember to log out and restart the SSH session after removing the bash profile, then use sudo su - to get SuperUser privileges.

  • Switch to insert mode to edit the file by pressing ESC + i on your keyboard

  • Create a new destination entry for the remote host
    Give the destination any name; in this example we used destination remote.
    It is possible to set either udp or tcp as the transport protocol.

    destination remote { network("ip_address_of_host" transport("udp") port(port_number)); };

    Replace the address and port number with your own values:

    e.g.: destination remote { network("" transport("udp") port(514)); };

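  • Find the row:

    log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };

  • Above the line you just found, add:

    log { source(s_local); filter(f_audit); destination(remote); };

    The new statement has to come first because flags(final) stops matching messages from being processed by any later log statement.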

After applying all your changes, save and exit the file using ESC + :wq

Step 3: Restart the syslog-ng service

  • To restart the service, run:

    svcadm restart svc:/system/syslog-ng:default
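
The Step 2 edit as a repeatable script, added here as an example (not Syneto's own tooling): it applies the change to a plugin.conf path you pass in, keeps a .bak copy, and checks that the remote log statement ends up above the flags(final) one. The function names and the placement of the destination line directly above the new log statement are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Syneto tooling. Hypothetical helper names throughout.

# make_sample FILE: write a constructed stand-in for plugin.conf.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the real SynetoOS plugin.conf
log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };
EOF
}

# add_remote_audit FILE HOST PORT [TRANSPORT]
# Inserts the remote destination and its log statement directly above the
# local audit statement that carries flags(final). Safe to run twice.
add_remote_audit() {
    conf=$1; host=$2; port=$3; proto=${4:-udp}
    anchor='destination(d_audit); flags(final);'
    grep -F -q "$anchor" "$conf" || {
        echo "anchor log statement not found in $conf" >&2
        return 1
    }
    # Already applied: leave the file alone.
    grep -F -q 'destination(remote);' "$conf" && return 0
    cp -p "$conf" "$conf.bak" || return 1   # keep a rollback copy
    awk -v a="$anchor" -v host="$host" -v port="$port" -v proto="$proto" '
        index($0, a) && !done {
            printf "destination remote { network(\"%s\" transport(\"%s\") port(%s)); };\n", host, proto, port
            print "log { source(s_local); filter(f_audit); destination(remote); };"
            done = 1
        }
        { print }
    ' "$conf.bak" > "$conf"
}

# remote_before_final FILE: succeed only if the remote log statement sits
# above the d_audit statement with flags(final), as Step 2 requires.
remote_before_final() {
    awk '
        index($0, "destination(remote);") && !r { r = NR }
        index($0, "destination(d_audit); flags(final);") && !f { f = NR }
        END { exit !(r && f && r < f) }
    ' "$1"
}
```

On the appliance, pass /usr/share/syslog-ng/include/scl/syneto/plugin.conf together with your collector's address and port, then restart the service as in Step 3.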