Event delivery to external syslog¶
To configure the system for Event delivery to an external syslog server, do the following:
Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the
Open the internal syslog configuration file by entering:
# vi /etc/rsyslog.d/99-beacon.conf
In line 13 of the file, replace:
# authpriv.alert @log.host.port
# authpriv.alert @188.8.131.52:9992
and replace 184.108.40.206:9992 with the syslog host address and listening port number.
After saving the changes, enter the following command to restart the rsyslog service to apply the delivery changes:
# systemctl restart rsyslog
With this configuration set, any Events that have syslog delivery enabled will be logged to the external syslog server every time they are triggered.