Linux – SGBox Next Generation SIEM & SOAR
https://www.sgbox.eu (feed last built Mon, 02 Dec 2024 15:50:27 +0000)

Syslog configuration on OpenSuse
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-opensuse/
Wed, 15 Mar 2023 14:56:15 +0000

On Linux systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.

If the network is not configured yet, bring up the interface and assign an address and default route (the values below are examples to adapt to your environment):

ifup eth0
ip a add 192.168.1.200/24 dev eth0
ip route add default via 192.168.1.254

If not already present, install the rsyslog package (vim is only needed to edit the configuration):

zypper refresh
zypper update
zypper install vim
zypper install rsyslog
systemctl start rsyslog
systemctl enable rsyslog

Edit the “rsyslog.conf” file:

vi /etc/rsyslog.conf

Add the following row after $IncludeConfig /etc/rsyslog.d/*.conf to forward all logs. You can use either the IP address or the hostname of SGBox:

*.* @SGBox-IP

Restart the rsyslog daemon to load the new configuration and start sending logs:

systemctl restart rsyslog

By default, local logs are stored in /var/log/messages.

rSyslog read custom files
https://www.sgbox.eu/en/knowledge-base/rsyslog-read-custom-files/
Fri, 17 Feb 2023 15:59:53 +0000

In /etc/rsyslog.d/ add a file with a priority prefix such as 60-myfileconfig.conf; it will be read after the main 50-default.conf file.

In this example, to read a log file located on the Desktop:

$ModLoad imfile #Load the imfile input module
$InputFilePollInterval 2
$InputFileName /home/user/Desktop/events.log
$InputFileTag file-access:
$InputFileStateFile stat-file-access
$InputFileSeverity Info
$InputRunFileMonitor
$template file_log, " %msg% "

if $programname == 'file-access' then @10.25.2.68:514;file_log
if $programname == 'file-access' then stop

This configuration reads the file events.log and sends each line via the syslog protocol over UDP to the machine 10.250.2.68.

The example content of the file events.log:

Test1 1 1 11 1 11 1
Test 2.2.2.2.2.2.2.2..2.2.2
Test 3.3.3.3.3.33.3.3.

Test 4.4.4.4.4.4.4.4
Testadasda sd 5 5 5 55 5
test 6.6.6.6.6.6.6
test 7.7.7.7.7 / 17.57

If the lines do not begin with a date/timestamp, there is a risk of duplicated log entries.

See the results in LM > Analysis > Historical search.
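The imfile input above works by remembering, in the state file named by $InputFileStateFile, how far into events.log it has already read, so that each poll delivers only newly appended lines and a restart does not resend the whole file. The following added example (not code from the SGBox knowledge base) simulates that mechanism in Python on a constructed copy of the events.log sample: it resumes from a saved byte offset, delivers only complete lines, handles a truncated file, and renders each line with the file_log template, which wraps %msg% in spaces. The facility (local0, imfile's default) and the Info severity are taken from the article's directives; the programname filter of the rule is not simulated.

```python
import os
import tempfile

# Constructed copy of the events.log sample shown in the article (no timestamps).
EVENTS_LOG = """\
Test1 1 1 11 1 11 1
Test 2.2.2.2.2.2.2.2..2.2.2
Test 3.3.3.3.3.33.3.3.

Test 4.4.4.4.4.4.4.4
Testadasda sd 5 5 5 55 5
test 6.6.6.6.6.6.6
test 7.7.7.7.7 / 17.57
"""

FACILITY_LOCAL0 = 16      # imfile's default facility
SEVERITY_INFO = 6         # $InputFileSeverity Info
TEMPLATE = " %msg% "      # $template file_log, " %msg% "


def read_new_lines(path, state_path):
    """Mimic imfile: resume from the byte offset stored in the state file,
    return only complete (newline-terminated) lines appended since the last
    poll, and persist the new offset.  Without a state file every poll would
    re-read the whole file, which is exactly how duplicates are produced."""
    offset = 0
    if os.path.exists(state_path):
        with open(state_path) as f:
            offset = int(f.read() or 0)
    size = os.path.getsize(path)
    if size < offset:
        offset = 0                    # file truncated or rotated: start over
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read()
    parts = data.split(b"\n")
    complete, remainder = parts[:-1], parts[-1]
    with open(state_path, "w") as f:
        f.write(str(size - len(remainder)))   # do not advance past a partial line
    return [line.decode() for line in complete]


def to_syslog(lines):
    """Render delivered lines as (PRI, text) pairs using the file_log template.
    Blank lines are skipped here (a constructed simplification)."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    return [(pri, TEMPLATE.replace("%msg%", msg)) for msg in lines if msg]


def demo():
    """Run four polls against a temporary events.log and return their output:
    initial read, one appended line, a partial line (nothing delivered),
    then the same line once terminated (delivered exactly once)."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "events.log")
    state = os.path.join(workdir, "stat-file-access")
    with open(log, "w") as f:
        f.write(EVENTS_LOG)
    polls = [to_syslog(read_new_lines(log, state))]
    with open(log, "a") as f:
        f.write("test 8 appended later\n")
    polls.append(to_syslog(read_new_lines(log, state)))
    with open(log, "a") as f:
        f.write("test 9 not yet terminated")          # no newline yet
    polls.append(to_syslog(read_new_lines(log, state)))
    with open(log, "a") as f:
        f.write("\n")
    polls.append(to_syslog(read_new_lines(log, state)))
    return polls


if __name__ == "__main__":
    for i, poll in enumerate(demo(), 1):
        print(f"poll {i}: {poll}")
```

Deleting the state file (or pointing two input blocks at the same file with the same state file name) makes the next poll start from offset zero, which is the duplicate-delivery case to watch for when lines carry no timestamp of their own.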

Syslog configuration on Solaris
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-solaris/
Thu, 26 Jan 2023 13:43:23 +0000

On Linux systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.
If not already present, install the rsyslog daemon.

Edit the “syslog.conf” file:

vi /etc/syslog.conf

Add the following row to send only authentication logs. You can use either the IP address or the hostname of SGBox:

auth,authpriv.* @SGBox-IP

Alternatively, add the following row to send all logs to SGBox; this is useful for in-depth analysis:

*.* @SGBox-IP

Restart the syslog daemon:

On Solaris 8 and 9, stop and start the service:

/etc/init.d/syslog stop
/etc/init.d/syslog start

On Solaris 10:

svcadm restart system/system-log

Syslog configuration on AIX
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-aix/
Wed, 02 Nov 2022 16:21:58 +0000

This article explains how to send logs from AIX systems to SGBox. It is not necessary to install a specific agent; the syslog protocol is used.

Log in to your AIX system.
Edit the “/etc/syslog.conf” file and add the following line:

auth.info @SGBoxIP

The auth.info selector and the IP address must be separated by a tab.
Save and exit.

Refresh the syslog daemon to load the new configuration and start sending logs:

refresh -s syslogd

Rsyslog strict connection
https://www.sgbox.eu/en/knowledge-base/rsyslog-strict-connection/
Wed, 30 Mar 2022 12:46:20 +0000

Install the rsyslog-gnutls package. On Ubuntu/Debian:
apt install rsyslog-gnutls

Add the following lines to the rsyslog configuration. On Ubuntu/Debian this is /etc/rsyslog.d/50-default.conf or /etc/rsyslog.conf:
$DefaultNetStreamDriverCAFile /root/certs/chain_bundle.crt
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverAuthMode anon
*.* @@sgbox192.sgbox.it:6514

Restart the rsyslog service:
service rsyslog restart
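The difference between the plain `*.* @SGBox-IP` rules used elsewhere on this page and the TLS configuration above is easy to lose in a large rsyslog.conf: `@` means UDP, `@@` means TCP, and TCP is only encrypted when the gtls driver is selected and $ActionSendStreamDriverMode is 1; $ActionSendStreamDriverAuthMode then decides whether the collector's certificate is checked at all. The following added example (not code from the SGBox knowledge base) is a small Python audit of legacy-syntax forwarding rules that reports, for each action, the transport in use and anything worth fixing. It treats the $Action… settings as applying to the actions that follow them in file order, a simplification of rsyslog's scoping. The configuration from the article is included verbatim; the hardened variant with x509/name authentication and its hostname, CA path and collector address are constructed placeholders.

```python
import re

# Legacy rsyslog directives relevant to the forwarding transport.
TLS_DRIVER = "$DefaultNetStreamDriver"
TLS_MODE = "$ActionSendStreamDriverMode"
AUTH_MODE = "$ActionSendStreamDriverAuthMode"
CA_FILE = "$DefaultNetStreamDriverCAFile"
PERMITTED_PEER = "$ActionSendStreamDriverPermittedPeer"

# A forwarding action: selector, one or two '@', destination host[:port].
ACTION_RE = re.compile(r"^(?P<selector>\S+)\s+(?P<at>@{1,2})(?P<dest>\S+)")


def audit_forwarding(config_text):
    """Walk a legacy-syntax rsyslog config and return one dict per forwarding
    action with its transport ('udp', 'tcp' or 'tls'), the TLS auth mode and a
    list of plain-language findings.  Directives are applied in file order."""
    settings = {}
    results = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        if not line:
            continue
        if line.startswith("$"):
            name, _, value = line.partition(" ")
            settings[name] = value.strip()
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue                              # not a forwarding action
        tcp = m.group("at") == "@@"
        tls = (tcp and settings.get(TLS_DRIVER) == "gtls"
               and settings.get(TLS_MODE) == "1")
        auth = settings.get(AUTH_MODE, "anon") if tls else None
        findings = []
        if not tcp:
            findings.append("UDP: plaintext, no delivery guarantee, no peer authentication")
        elif not tls:
            findings.append("TCP without TLS: plaintext on the wire")
        else:
            if auth == "anon":
                findings.append("TLS with anon auth: encrypted, but the collector's "
                                "certificate is not verified")
            if auth in ("x509/name", "x509/fingerprint") and PERMITTED_PEER not in settings:
                findings.append(f"{auth} requires {PERMITTED_PEER} to pin the collector")
            if CA_FILE not in settings:
                findings.append("no CA file configured for certificate validation")
        results.append({
            "selector": m.group("selector"),
            "destination": m.group("dest"),
            "transport": "tls" if tls else ("tcp" if tcp else "udp"),
            "auth_mode": auth,
            "findings": findings,
        })
    return results


# The configuration shown in the article above.
ARTICLE_CONFIG = """\
$DefaultNetStreamDriverCAFile /root/certs/chain_bundle.crt
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverAuthMode anon
*.* @@sgbox192.sgbox.it:6514
"""

# Constructed variant that also authenticates the collector by certificate name.
# Hostname and CA path are placeholders, not values from the article.
HARDENED_CONFIG = """\
$DefaultNetStreamDriverCAFile /etc/rsyslog.d/ca-chain.crt
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer siem.example.internal
*.* @@siem.example.internal:6514
"""

# Constructed plain UDP rule of the kind used in the other articles on this page.
UDP_CONFIG = "auth,authpriv.* @192.0.2.50\n"


if __name__ == "__main__":
    for name, cfg in (("article", ARTICLE_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("udp", UDP_CONFIG)):
        for action in audit_forwarding(cfg):
            print(name, action["transport"], action["destination"], action["findings"])
```

With the article's `anon` mode the channel is encrypted but any host presenting a certificate can impersonate the collector; `x509/name` together with $ActionSendStreamDriverPermittedPeer makes the client verify the certificate chain against the CA file and the peer name, which is the setting to use once the SGBox certificate is issued by a CA you control.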

Syslog configuration on XenServer
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-xenserver/
Fri, 27 Mar 2020 19:09:46 +0000

Configure Syslog on XenServer

On Xen systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.

Create or edit the “xenserver.conf” file:

vi /etc/rsyslog.d/xenserver.conf

Add the following row to send only authentication logs. You can use either the IP address or the hostname of SGBox:

auth,authpriv.* @SGBox-IP

Alternatively, add the following row to send all logs to SGBox; this is useful for in-depth analysis:

*.* @SGBox-IP

Restart the rsyslog daemon to load the new configuration and start sending logs:

service rsyslog restart

Configure SNMP Service on Linux
https://www.sgbox.eu/en/knowledge-base/configure-snmp-service-on-linux/
Tue, 17 Dec 2019 10:49:45 +0000

The Simple Network Management Protocol (SNMP)

This section explains how to configure the SNMP service on Linux systems so that SGBox can monitor the server and collect detailed information about it.

Requirements:

  • Check that SNMP service is installed.

The command to install SNMP depends on the distribution (Debian, RedHat, CentOS, Solaris), so we recommend checking the documentation of your distribution for the correct command.

Debian/Ubuntu:

apt-get -y install snmpd

RedHat/CentOS/Fedora:

yum -y install net-snmp net-snmp-utils

Once the installation is complete, back up the original configuration file and then edit it:

vim /etc/snmp/snmpd.conf

Specify the interface on which the SNMP service listens.

[screenshot: snmpLinux1]

Enter the community name and the SGBox IP address.

[screenshot: snmpLinux2]

Save changes and restart the SNMP service.

Debian/Ubuntu:

service snmpd restart

RedHat/CentOS/Fedora:

service snmpd restart
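The two settings the screenshots above ask for, the listening interface and the community name paired with the SGBox address, are also the two places where snmpd is commonly left too open: an agent bound to every interface with a default community string and no source restriction answers anyone who can reach UDP 161. The following added example (not code from the SGBox knowledge base) is a Python checker for net-snmp's snmpd.conf that flags exactly those conditions. `agentAddress`, `rocommunity` and `rwcommunity` are real net-snmp directives; the two configuration fragments, their addresses and community strings are constructed, and IPv4 address syntax is assumed.

```python
# Constructed snmpd.conf fragments (addresses and community strings are placeholders).
WEAK_CONF = """\
# listens on every interface, default community, any source allowed
agentAddress udp:161
rocommunity public
"""

RESTRICTED_CONF = """\
# listens only on the management address, read-only, queries only from SGBox
agentAddress udp:192.0.2.20:161
rocommunity s3cr3t-ro-string 192.0.2.50/32
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd(conf_text):
    """Return (severity, message) findings for an snmpd.conf text:
    default community strings, communities without a source restriction,
    read-write communities, and agents listening on all interfaces.
    Only IPv4 agentAddress forms (udp:PORT, udp:IP:PORT, PORT) are parsed."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in COMMUNITY_DIRECTIVES:
            community = args[0] if args else ""
            # net-snmp syntax: rocommunity COMMUNITY [SOURCE [OID]]; SOURCE
            # omitted or 'default' means any client may query.
            source = args[1] if len(args) > 1 else None
            if community in DEFAULT_COMMUNITIES:
                findings.append(("high", f"{directive}: default community string '{community}'"))
            if source in (None, "default"):
                findings.append(("high", f"{directive}: accepts queries from any source; "
                                         "restrict it to the SGBox address"))
            if directive.startswith("rw"):
                findings.append(("medium", f"{directive}: read-write access is not needed "
                                           "for monitoring"))
        elif directive == "agentaddress":
            for addr in ",".join(args).split(","):
                fields = addr.split(":")          # 'udp:161' or 'udp:192.0.2.20:161'
                if len(fields) < 3 or fields[1] in ("", "0.0.0.0"):
                    findings.append(("low", f"agentAddress {addr}: listening on all interfaces"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit_snmpd(conf) or "no findings")
```

SNMPv1 and v2c community strings travel in cleartext, so the source restriction on the `rocommunity` line (the SGBox address) is what actually limits who can use them; where SGBox supports it, SNMPv3 with authentication and privacy removes that dependency.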

Syslog configuration on Debian
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-debian/
Fri, 28 Jun 2019 15:23:36 +0000

How to configure Syslog on Debian

On Linux systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.
If not already present, install the rsyslog package:

apt-get -y install rsyslog

Edit the “rsyslog.conf” file:

vi /etc/rsyslog.conf

Add the following row to send only authentication logs. You can use either the IP address or the hostname of SGBox:

auth,authpriv.* @SGBox-IP

Alternatively, add the following row to send all logs to SGBox; this is useful for in-depth analysis:

*.* @SGBox-IP

Restart the rsyslog daemon to load the new configuration and start sending logs:

service rsyslog restart
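The selector lines used throughout these articles (`auth,authpriv.*`, `auth.info`, `*.*`) follow the classic syslog.conf rules: the part before the dot lists facilities (or `*`), the part after it names a priority, and a named priority selects that severity and everything more severe, so `auth.info` forwards auth messages at info, notice, warning and above but not debug. The following added example (not code from the SGBox knowledge base) implements those rules in Python, encodes the selected messages as RFC 3164 datagrams the way a `@host` UDP action does, and performs a round trip over the loopback interface to a receiver standing in for SGBox. The sample events, hostname and timestamp are constructed; nothing is sent off the local machine.

```python
import socket

# Facility and severity codes used in the syslog PRI value (RFC 3164 / rsyslog).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}


def selector_matches(selector, facility, severity):
    """Evaluate a classic selector ('auth,authpriv.*', 'auth.info', '*.*',
    '*.info;mail.none') against a message's facility and severity names.
    A named priority selects that severity and everything more severe,
    '=prio' selects exactly one severity and 'none' excludes the facility.
    Later ';'-separated parts override earlier ones, as in syslog.conf."""
    matched = False
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        fac_list = [f.strip() for f in facs.split(",")]
        if "*" not in fac_list and facility not in fac_list:
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        elif prio.startswith("="):
            matched = SEVERITIES[severity] == SEVERITIES[prio[1:]]
        else:
            matched = SEVERITIES[severity] <= SEVERITIES[prio]
    return matched


def encode_bsd_syslog(facility, severity, tag, msg, timestamp, hostname):
    """Build the RFC 3164 style datagram emitted by a '@host' (UDP) action."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}".encode()


def decode_pri(datagram):
    """Split a received datagram into (facility, severity, remainder)."""
    end = datagram.index(b">")
    pri = int(datagram[1:end])
    facility = {v: k for k, v in FACILITIES.items()}[pri // 8]
    severity = {v: k for k, v in SEVERITIES.items()}[pri % 8]
    return facility, severity, datagram[end + 1:].decode()


# Constructed sample events: (facility, severity, tag, message).
SAMPLE_EVENTS = [
    ("auth", "info", "sshd[1021]",
     "Accepted publickey for admin from 192.0.2.10 port 51514 ssh2"),
    ("authpriv", "notice", "sudo",
     "admin : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart rsyslog"),
    ("cron", "info", "CRON[1200]", "(root) CMD (run-parts /etc/cron.hourly)"),
    ("auth", "debug", "sshd[1021]", "debug1: userauth-request for user admin"),
]


def forward_over_udp(selector, events):
    """Apply `selector` to `events`, send the selected ones as UDP datagrams to
    a receiver on the loopback interface (a stand-in for SGBox on port 514)
    and return what the receiver decoded.  Nothing leaves the local host."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))       # ephemeral port: no privileges needed
    receiver.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received = []
    try:
        for facility, severity, tag, msg in events:
            if not selector_matches(selector, facility, severity):
                continue
            datagram = encode_bsd_syslog(facility, severity, tag, msg,
                                         "Jun 28 15:23:36", "debian01")
            sender.sendto(datagram, receiver.getsockname())
            received.append(decode_pri(receiver.recv(2048)))
    finally:
        sender.close()
        receiver.close()
    return received


if __name__ == "__main__":
    for rule in ("auth,authpriv.*", "auth.info", "*.*"):
        seen = [(f, s) for f, s, _ in forward_over_udp(rule, SAMPLE_EVENTS)]
        print(f"{rule:18} -> {seen}")
```

Running it shows why the articles offer two rules: `auth,authpriv.*` forwards the SSH login and the sudo record but not the cron entry, while `*.*` forwards everything, which is the option to pick when SGBox is expected to support investigations beyond authentication.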

Syslog configuration on Fedora
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-fedora/
Fri, 28 Jun 2019 15:21:51 +0000

On Linux systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.
If not already present, install the rsyslog package:

yum -y install rsyslog

Edit the “rsyslog.conf” file:

vi /etc/rsyslog.conf

Add the following row to send only authentication logs. You can use either the IP address or the hostname of SGBox:

auth,authpriv.* @SGBox-IP

Alternatively, add the following row to send all logs to SGBox; this is useful for in-depth analysis:

*.* @SGBox-IP

Restart the rsyslog daemon to load the new configuration and start sending logs:

systemctl restart rsyslog.service

Syslog configuration on RedHat
https://www.sgbox.eu/en/knowledge-base/syslog-configuration-on-redhat/
Fri, 28 Jun 2019 15:21:01 +0000

On Linux systems it is not necessary to install a specific agent to send logs to SGBox; the syslog protocol is used.
If not already present, install the rsyslog package:

yum -y install rsyslog

Edit the “rsyslog.conf” file:

vi /etc/rsyslog.conf

Add the following row to send only authentication logs. You can use either the IP address or the hostname of SGBox:

auth,authpriv.* @SGBox-IP

Alternatively, add the following row to send all logs to SGBox; this is useful for in-depth analysis:

*.* @SGBox-IP

Restart the rsyslog daemon to load the new configuration and start sending logs:

systemctl restart rsyslog.service
