We have the central log server on the graylog. It’s time to feed the server with information.
1. install syslog
yum install syslog-ng
2. and config it
vi /etc/syslog-ng/syslog-ng.conf
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
chain_hostnames (off);
use_dns (yes);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
destination d_graylog {
syslog("graylog.local.test" port(514));
};
or config rsyslog:
vi /etc/rsyslog.conf
*.* @@graylog.local.test:514
3. enable and start services
systemctl enable syslog-ng systemctl start syslog-ng
or
systemctl restart rsyslog