Sometimes you need to check logs from your servers without the usual tail command or similar tools. For this purpose you can redirect all system logs to your Graylog instance.
Installation and usage
Let’s install rsyslog first (we assume you have a deb-based system).
sudo apt-get install rsyslog
Now let’s edit the rsyslog configuration and add or edit a few lines.
sudo vim /etc/rsyslog.conf
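Let’s set the IP address of our Graylog server (replace XX.XX.XX.XX with it):
# imudp and UDPServerRun make this host itself listen on UDP 8514; the forwarding rule below does not depend on them
$ModLoad imudp
$UDPServerRun 8514
# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% %structured-data% %msg%\n"
# Forward all facilities and priorities to Graylog; a single @ means UDP
*.* @XX.XX.XX.XX:8514;GRAYLOGRFC5424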
Next, restart your rsyslog instance.
sudo systemctl restart rsyslog
As the last step, add a new system input in Graylog to fetch all system messages.
Click “Show received messages” and check that it’s working.
Enjoy your logs!
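If messages arrive unparsed, check the lines the forwarder emits against the RFC 5424 layout the GRAYLOGRFC5424 template is named after. The checker below is an added example, not part of the original post; its function names and sample lines are constructed for illustration. It rejects lines that lack the PRI prefix or the MSGID and STRUCTURED-DATA fields.

```python
import re
from datetime import datetime

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[.*?[^\\]\])+)"
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample lines (not captured from a real host)
GOOD = "<38>1 2024-05-01T12:00:00.123456+02:00 web01 sshd 1042 - - Accepted publickey for deploy"
NO_PRI = GOOD[4:]                    # same line with the <38> prefix missing
NO_SD = GOOD.replace(" - - ", " ")   # MSGID and STRUCTURED-DATA left out


def parse_rfc5424(line):
    """Return the fields of one RFC 5424 line as a dict, or raise ValueError."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        raise ValueError("not an RFC 5424 line: %r" % line[:40])
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 give at most 23*8+7
        raise ValueError("PRI out of range: %d" % pri)
    if m["timestamp"] != "-":
        # Raises ValueError when the timestamp is not RFC 3339 / ISO 8601
        datetime.fromisoformat(m["timestamp"].replace("Z", "+00:00"))
    fields = m.groupdict()
    fields.update(facility=pri >> 3, severity=SEVERITIES[pri & 7])
    return fields


def check(lines):
    """Map each line to its severity name, or to the reason it was rejected."""
    out = []
    for line in lines:
        try:
            out.append(parse_rfc5424(line)["severity"])
        except ValueError as exc:
            out.append("invalid: %s" % exc)
    return out


if __name__ == "__main__":
    for line, result in zip((GOOD, NO_PRI, NO_SD), check((GOOD, NO_PRI, NO_SD))):
        print(result, "|", line)
```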