Event delivery to external syslog

To configure the system for event delivery to an external syslog server, do the following:

1. Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the su command.

2. Open the internal syslog configuration file by entering:

   # vi /etc/rsyslog.d/99-beacon.conf
   

3. In line 13 of the file, replace:

   # authpriv.alert @log.host.port
   

   with:

   # authpriv.alert @75.76.75.76:9992
   

   and replace 75.76.75.76:9992 with the syslog host address and listening port number.

4. After saving the changes, enter the following command to restart the rsyslog service to apply the delivery changes:

   # systemctl restart rsyslog
   

With this configuration set, any events that have syslog delivery enabled will be logged to the external syslog server every time they are triggered.