You’ve installed the Graylog system log manager to keep tabs on all of those Linux log files. It’s a great way to monitor various security layers and systems on the Linux servers in your data center. Out of the box, it’s going to do a great job of helping you monitor the logs on the server it’s installed on.

But what about those other servers?

Fortunately, Graylog makes it fairly painless to add remote servers to the list of machines to monitor. I’m going to show you how to do just that.

What you’ll need

  • A Linux server hosting Graylog
  • Some Linux clients to add


How to configure Graylog to accept incoming syslog entries

We’re going to set up Graylog to accept syslog entries. Log in to your Graylog server and click System/Inputs. From the resulting window, select Syslog UDP from the Select Input drop-down (Figure A).

Figure A

The Graylog Inputs window is where you add new clients.

Click Launch New Input and fill out the following information (Figure B):

  • Node: Select the node for the hosting server.

  • Title: syslog

  • Bind address: 0.0.0.0 (listen on all network interfaces)

  • Port: 5140

Figure B

Filling out the information for the new input.

Once you’ve filled out that information, click Save. Now we need to configure our clients.

How to configure your Linux clients to send syslog information

Now that Graylog is accepting syslog information, we need to configure our clients to send it. To do that, SSH into a different Linux server (one that should send its syslog details to Graylog) and create a new rsyslog configuration file with the command:

sudo nano /etc/rsyslog.d/90-graylog.conf

In that file, paste the following:

*.* @SERVER:5140;RSYSLOG_SyslogProtocol23Format

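Where SERVER is the IP address of your Graylog server. The single @ tells rsyslog to forward over UDP, which matches the Syslog UDP input created on the Graylog server (@@ would select TCP).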

Save and close the file. Restart rsyslog with the command:

sudo systemctl restart rsyslog
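
The client-side steps above, collected into one script as an added example (not from the original article): it validates the server and port, writes the drop-in, checks the configuration with rsyslogd -N1 before restarting, and logs a test line to look for in Graylog Search. The function names and the GRAYLOG_DROPIN_DIR override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# GRAYLOG_DROPIN_DIR override are assumptions made for illustration.

# Print the article's forwarding rule for a given server and port.
# A single "@" means UDP, matching the Syslog UDP input created in Graylog.
graylog_rule() {
    server=$1 port=${2:-5140}
    # Allow only hostname/IPv4 characters so nothing else lands in the config.
    case $server in
        ''|*[!A-Za-z0-9.-]*) echo "invalid server: $server" >&2; return 1 ;;
    esac
    # Digits only, at most five of them, then a range check.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '*.* @%s:%s;RSYSLOG_SyslogProtocol23Format\n' "$server" "$port"
}

# Write the rule to 90-graylog.conf via a temp file, so rsyslog never
# reads a half-written drop-in (the temp name does not end in .conf).
write_graylog_dropin() {
    dir=${GRAYLOG_DROPIN_DIR:-/etc/rsyslog.d}
    rule=$(graylog_rule "$@") || return 1
    tmp=$(mktemp "$dir/.90-graylog.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp" && chmod 0644 "$tmp" &&
        mv "$tmp" "$dir/90-graylog.conf" || { rm -f "$tmp"; return 1; }
}

# Full client-side procedure: write, syntax-check, restart, send a test line.
# Run as root on the client, e.g.:  apply_graylog_forwarding 192.0.2.10
apply_graylog_forwarding() {
    write_graylog_dropin "$@" || return 1
    rsyslogd -N1 || return 1            # refuse to restart on a bad config
    systemctl restart rsyslog || return 1
    # Goes to the local syslog, which the new *.* rule forwards to Graylog.
    logger -t graylog-test "forwarding check from $(hostname)"
}
```

After sourcing the file and running apply_graylog_forwarding, search Graylog for graylog-test to confirm the client's messages arrive.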

How to view syslog entries on Graylog

If you go back to your Graylog server and click Search, you should see listings of all syslog entries from the newly added client. Click one of the entries in the bottom pane and you can view the entry (Figure C).

Figure C

My Kubernetes controller is throwing quite a lot of information to the Graylog server.

And that’s all there is to adding a client to Graylog. Having syslog information sent to the Graylog server will give you plenty of information to start combing through.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

