Rsyslog messages and Graylog


Sometimes you need to check logs from your servers without the usual tail command or similar tools. For this purpose you can redirect all system logs to your Graylog instance.

Installation and usage

Let’s install rsyslog first (we assume you have a Debian-based system).

sudo apt-get install rsyslog

Now let’s edit the rsyslog configuration and add or edit a few lines.

sudo vim /etc/rsyslog.conf

Set the IP address of your Graylog server in place of XX.XX.XX.XX:

# Load the UDP input module and open a UDP listener on port 8514 on this host.
# A machine that only forwards its own logs does not need this listener; it is only useful if this host should also receive syslog from others.
$ModLoad imudp
$UDPServerRun 8514
# Template that writes each message with an RFC 5424-style header (rsyslog property names are case-insensitive)
$template GRAYLOGRFC5424,"%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
# Forward every facility and priority (*.*) over plain UDP (single @) to the Graylog host on port 8514, using the template above
*.* @XX.XX.XX.XX:8514;GRAYLOGRFC5424
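Whether Graylog can populate facility and severity for each message depends on the template above carrying a complete RFC 5424 header. The Python below is an added example (not from the original post): it lists the RFC 5424 header fields an rsyslog template omits and parses sample lines strictly per RFC 5424; the sample host, app name and message text are constructed.

```python
"""Checks for the rsyslog-to-Graylog template on this page (added example)."""
import re
from typing import Optional

# The RFC 5424 header, written as rsyslog property names (case-insensitive in rsyslog).
RFC5424_HEADER = ("PRI", "PROTOCOL-VERSION", "TIMESTAMP", "HOSTNAME",
                  "APP-NAME", "PROCID", "MSGID", "STRUCTURED-DATA")

def missing_header_fields(template: str) -> list:
    """Return the RFC 5424 header fields that an rsyslog template string does not emit."""
    # %name% or %name:options% -> name, compared case-insensitively
    present = {m.group(1).upper()
               for m in re.finditer(r"%([A-Za-z-]+)(?::[^%]*)?%", template)}
    return [f for f in RFC5424_HEADER if f not in present]

# RFC 5424: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
# SP STRUCTURED-DATA [SP MSG]; "-" is the NILVALUE for an absent field.
_MSG = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)

def parse_rfc5424(line: str) -> Optional[dict]:
    """Parse one line; returns None when it is not a valid RFC 5424 message (e.g. no <PRI>)."""
    m = _MSG.match(line.rstrip("\n"))
    if not m or int(m["pri"]) > 191:   # PRI = facility*8 + severity, facility <= 23
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["facility"], fields["severity"] = divmod(pri, 8)
    return fields

# The template from the page, and the same template with the header fields it omits added.
PAGE_TEMPLATE = "%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
FULL_TEMPLATE = ("<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% "
                 "%PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")

# Constructed sample output of each template for one sshd message (not real log data).
PAGE_LINE = "1 2024-05-01T12:00:00+00:00 web01 sshd 1234 Accepted publickey for deploy"
FULL_LINE = "<38>1 2024-05-01T12:00:00+00:00 web01 sshd 1234 - - Accepted publickey for deploy"

if __name__ == "__main__":
    print(missing_header_fields(PAGE_TEMPLATE))   # ['PRI', 'MSGID', 'STRUCTURED-DATA']
    print(missing_header_fields(FULL_TEMPLATE))   # []
    print(parse_rfc5424(PAGE_LINE))               # None: without <PRI> facility/severity are lost
    full = parse_rfc5424(FULL_LINE)
    print(full["facility"], full["severity"])     # 4 6  (auth, informational)
```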

Then restart your rsyslog instance so the new configuration takes effect.

systemctl restart rsyslog

As the last step, add a new syslog UDP input in Graylog on port 8514 (the port the configuration above forwards to) to receive all system messages.

Click “Show received messages” to confirm that messages are arriving.

Enjoy your logs!