Event delivery to external syslog
To configure the system for event delivery to an external syslog server, do the following:
Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the su command.
Open the internal syslog configuration file by entering:
# vi /etc/rsyslog.d/99-beacon.conf
In line 13 of the file, replace:
# authpriv.alert @log.host.port
with:
# authpriv.alert @75.76.75.76:9992
and replace 75.76.75.76:9992 with the syslog host address and listening port number.
After saving the changes, restart the rsyslog service to apply them:
# systemctl restart rsyslog
With this configuration set, any events that have syslog delivery enabled will be logged to the external syslog server every time they are triggered.
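One way to confirm the edited rule is active and well-formed before restarting rsyslog, as an added example that is not part of the Plixer documentation: rsyslog treats lines beginning with # as comments, and a single @ forwards over UDP while @@ forwards over TCP. The function name check_forward is hypothetical, and the check assumes an IPv4 or hostname target.

```shell
#!/bin/sh
# Added example; check_forward is a hypothetical helper, not a Plixer tool.
# Prints "proto host port" for each active authpriv.alert forwarding rule.
# Returns 0 only if at least one rule is active and none is malformed.
check_forward() {
    awk '
    # rsyslog ignores blank lines and lines starting with "#"
    NF == 0 || $1 ~ /^#/ { next }
    $1 == "authpriv.alert" && $2 ~ /^@/ {
        target = $2
        proto = "udp"                       # a single @ forwards over UDP
        if (target ~ /^@@/) proto = "tcp"   # @@ forwards over TCP
        sub(/^@+/, "", target)
        if (target == "log.host.port") {    # template value was never edited
            printf "line %d: placeholder still present\n", NR > "/dev/stderr"
            bad = 1; next
        }
        n = split(target, part, ":")        # assumption: IPv4 or hostname target
        host = part[1]
        port = (n == 2) ? part[2] : 514     # rsyslog default port when omitted
        if (n > 2 || host == "" || port !~ /^[0-9]+$/ ||
            port + 0 < 1 || port + 0 > 65535) {
            printf "line %d: malformed target %s\n", NR, $2 > "/dev/stderr"
            bad = 1; next
        }
        print proto, host, port
        found = 1
    }
    END { exit ((found && !bad) ? 0 : 1) }
    ' "$1"
}

# Usage: sh check_forward.sh /etc/rsyslog.d/99-beacon.conf
if [ "$#" -gt 0 ]; then
    check_forward "$1"
fi
```

Run it against /etc/rsyslog.d/99-beacon.conf after saving the file; a non-zero exit status means no active forwarding rule was found or a target is malformed. rsyslogd -N1 additionally checks the overall configuration syntax without starting the daemon.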