Photon OS rsyslog send to Syslog Server – Quick Guide

calendarMar 19, 2020 · 1 min read · Photon OS vRLI  ·
Share on: linkedincopy

Requirements:

  • Photon OS based virtual machine
  • VMware vRealize Log Insight or any other Syslog server

Configuration of Photon OS:

Install rsyslog
tdnf install rsyslog

Extend /etc/rsyslog.conf with Syslog Server target

replace the following line:
*.* @@remote-host:514

with for example (syslog.local is the IP or name of your syslog server):
*.* @@syslog.local:514

restart rsyslog
systemctl restart rsyslog.service

in case rsyslog is not enabled
systemctl enable rsyslog.service

That’s the basic setup. Now how to send a specific log to syslog.

vi /etc/rsyslog.d/application.conf

$ModLoad imfile<br /> $InputFilePollInterval 10<br /> $InputFileName /opt/vmware/log/app.log<br /> $InputFileTag APP<br /> $InputFileStateFile Stat-APP<br /> $InputFileSeverity app<br /> $InputFileFacility local7<br /> $InputRunFileMonitor<br /> $InputFilePersistStateInterval 1000

restart rsyslog service

systemctl restart rsyslog.service

Result: