Event delivery to external syslogΒΆ

To configure the system for Event delivery to an external syslog server, do the following:

  1. Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the su command.

  2. Open the internal syslog configuration file by entering:

    # vi /etc/rsyslog.d/99-beacon.conf
    
  3. In line 13 of the file, replace:

    # authpriv.alert @log.host.port
    

    with:

    # authpriv.alert @75.76.75.76:9992
    

    and replace 75.76.75.76:9992 with the syslog host address and listening port number.

  4. After saving the changes, enter the following command to restart the rsyslog service to apply the delivery changes:

    # systemctl restart rsyslog
    

With this configuration set, any Events that have syslog delivery enabled will be logged to the external syslog server every time they are triggered.