Get Messages In

Log into the VM

We’re going to use rsyslog because we already have it running on the virtual machine. So, go to the image and log in with ubuntu/ubuntu.

Modify rsyslog.conf

Go to the /etc directory, and use vi, vim (vim Cheat Sheet), or the editor of your choice to modify the /etc/rsyslog.conf file. There are excellent resources on the web for rsyslog configuration.

At the bottom of the file, add the following so messages will forward:

*.* @127.0.0.1:514;RSYSLOG_SyslogProtocol23Format

In case you wanted to know, @ means UDP, 127.0.0.1 is localhost, and 514 is the port.

You can find out more about ingesting syslog messages with Graylog in our Syslog configuration guide.
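
The `;RSYSLOG_SyslogProtocol23Format` suffix on the forwarding line selects rsyslog's built-in RFC 5424-style template, so each UDP datagram arrives with the field layout shown in the first comment below. This Python decoder is an added example, not part of the Graylog documentation; the name `parse_protocol23` and the sample datagrams are constructed for illustration.

```python
import re

# Layout of rsyslog's built-in RSYSLOG_SyslogProtocol23Format template:
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"   # "-" or one or more [id k="v"] elements
    r"(?: (?P<msg>.*))?$",
    re.DOTALL,
)
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def parse_protocol23(datagram: bytes) -> dict:
    """Split one forwarded datagram into its fields; raise ValueError otherwise."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = LINE_RE.match(text)
    if m is None:
        raise ValueError("not in RSYSLOG_SyslogProtocol23Format layout")
    pri = int(m["pri"])
    if pri > 191:  # highest valid value: facility 23, severity 7
        raise ValueError("PRI out of range")
    fields = m.groupdict()
    fields["facility"] = FACILITIES[pri >> 3]   # PRI = facility * 8 + severity
    fields["severity"] = SEVERITIES[pri & 7]
    fields["msg"] = (fields["msg"] or "").lstrip(" ")  # %msg% often starts with a space
    for key in ("hostname", "app", "procid", "msgid", "sd"):
        if fields[key] == "-":   # "-" is the nil value
            fields[key] = None
    return fields


# Constructed sample datagrams (not captured from a real host).
SAMPLES = [
    b'<86>1 2024-01-01T12:00:00.123456+00:00 graylog sshd 1234 - -  session opened for user ubuntu\n',
    b'<13>1 2024-01-01T12:00:01+00:00 graylog logger - - [timeQuality tzKnown="1" isSynced="0"] test message\n',
    b'<13>Jan  1 12:00:02 graylog logger: legacy line sent without the template\n',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            f = parse_protocol23(raw)
            print(f["facility"], f["severity"], f["app"], f["sd"], repr(f["msg"]))
        except ValueError as exc:
            print("rejected:", exc)
```

The third sample is a traditional BSD-style line, which is what would be sent if the template suffix were left off the forwarding rule; the decoder rejects it instead of guessing at fields.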

Restart rsyslog

Type:

$ sudo service rsyslog status
$ sudo service rsyslog restart

If you have modified the config file and it is somehow invalid, the service command will not bring rsyslog back up. Don’t worry, though: you can always delete the line!

Ingesting more log messages

Please refer to Sending in log data for further instructions about configuring Graylog and ingesting data from external sources.