Event delivery to internal syslog
To configure the system for event delivery to internal syslog, do the following:
Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the su command.
Open the internal syslog configuration file by entering:
# vi /etc/rsyslog.d/50-default.conf
In line 9 of the file, replace:
*.*;auth,authpriv.none -/var/log/auth.log
with:
*.*;auth,authpriv.* -/var/log/auth.log
After saving the changes, restart the rsyslog service to apply the delivery changes by entering:
# systemctl restart rsyslog
With this configuration set, any events that have syslog delivery enabled will be logged to the internal syslog on the Plixer Endpoint Analytics appliance every time they are triggered.
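The edit above as an idempotent script, added here as an example and not taken from Plixer's documentation or tooling: it changes line 9 only when that line holds the expected selector, and it keeps a backup of the file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and the sample file are constructed.
OLD='*.*;auth,authpriv.none -/var/log/auth.log'
NEW='*.*;auth,authpriv.* -/var/log/auth.log'

# Write a constructed 10-line stand-in for 50-default.conf (selector on line 9).
make_sample() {
    i=1
    while [ "$i" -le 8 ]; do echo "# constructed filler line $i"; i=$((i + 1)); done > "$1"
    printf '%s\n' "$OLD" '# constructed trailing line' >> "$1"
}

# apply_selector_change FILE
# Returns 0 when line 9 holds the new selector (just changed, or already set),
# 2 when line 9 is something unexpected; in that case FILE is left untouched.
apply_selector_change() {
    conf=$1
    current=$(sed -n '9p' "$conf")
    if [ "$current" = "$NEW" ]; then
        return 0                                  # already applied
    fi
    if [ "$current" != "$OLD" ]; then
        echo "line 9 of $conf is not the expected selector: $current" >&2
        return 2
    fi
    cp -p "$conf" "$conf.bak" || return 1         # backup; not a *.conf name
    tmp=$(mktemp) || return 1
    awk -v new="$NEW" 'NR == 9 { print new; next } { print }' "$conf" > "$tmp" || return 1
    cat "$tmp" > "$conf" && rm -f "$tmp"          # rewrite in place, keeping owner and mode
}

# Demonstration on the constructed sample; prints the new line 9.
sample=$(mktemp)
make_sample "$sample"
apply_selector_change "$sample" && sed -n '9p' "$sample"
rm -f "$sample" "$sample.bak"

# On the appliance, as root, the same function would be used as:
#   apply_selector_change /etc/rsyslog.d/50-default.conf \
#       && rsyslogd -N1 && systemctl restart rsyslog
# rsyslogd -N1 checks the configuration syntax before the restart.
# To confirm delivery afterwards, send a test message and look for it:
#   logger -p auth.info -t delivery-check "constructed test message"
#   grep delivery-check /var/log/auth.log
```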