Search another article?
Syslog configuration on Ubuntu
On linux environment is not necessary to install a specific agent to send log to SGBox. The syslog protocol will be used.
If not already present, install rsyslog packet.
apt-get -y install rsyslog
Edit “50-default.conf” file
vi /etc/rsyslog.d/50-default.conf
Add the following row in order to send only authentication logs. Is possible use the IP or the hostname of SGBox
auth,authpriv.* @SGBox-IP
Alternatively, you can add the following row if you want send all logs to SGBox. It will be useful for a in-depth research.
*.* @SGBox-IP
Restart rsyslog deamon to load the new configuration and start to send logs
service rsyslog restart