Get Messages In

Log into the VM

We’re going to use rsyslog because we already have it from the Graylog server image. So, go to the image and log in with ubuntu/ubuntu.


Modify rsyslog.conf

Go to the /etc directory, and use vi, vim (vim Cheat Sheet), or the editor of your choice to modify the /etc/rsyslog.conf file. There are excellent resources on the web for rsyslog configuration.

At the bottom of the file, add the following so messages will forward:

*.* @;RSYSLOG_SyslogProtocol23Format

In case you wanted to know, @ means UDP, is localhost, and 5140 is the port.

You can find out more about ingesting syslog messages with Graylog in our Syslog configuration guide.

Restart rsyslog


$ sudo service rsyslog status
$ sudo service rsyslog restart

If you have modified the config file and it is somehow invalid, the service command will not bring rsyslog back up - so don’t worry, you can always delete the line!
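The forwarding rule described above can be checked before the restart. The following is an added example, not part of the original page or of Graylog's or rsyslog's own code: a POSIX shell function that splits a legacy rsyslog forwarding rule into protocol, host, port and template, and rejects a rule with no destination. The name parse_forward_rule is hypothetical, and 127.0.0.1 in the constructed sample rules is an assumed spelling of "localhost".

```shell
#!/bin/sh
# Added example. Parses a legacy rsyslog forwarding rule:
#   SELECTOR @HOST:PORT;TEMPLATE    (@ = UDP, @@ = TCP)
# Prints "proto host port template"; returns 1 if the rule cannot forward.
parse_forward_rule() {
    line=${1%%#*}                 # drop a trailing comment
    set -f                        # keep "*.*" from being glob-expanded
    set -- $line                  # split into selector and action
    set +f
    if [ $# -ne 2 ]; then
        echo "expected 'selector action'" >&2; return 1
    fi
    action=$2
    case $action in
        @@*) proto=tcp; target=${action#@@} ;;
        @*)  proto=udp; target=${action#@} ;;
        *)   echo "action is not a network forward" >&2; return 1 ;;
    esac
    case $target in
        *\;*) template=${target#*\;}; hostport=${target%%\;*} ;;
        *)    template=-; hostport=$target ;;
    esac
    case $hostport in
        *:*) host=${hostport%:*}; port=${hostport##*:} ;;
        *)   host=$hostport; port= ;;
    esac
    if [ -z "$host" ]; then
        echo "no destination host after @" >&2; return 1
    fi
    # Without an explicit port rsyslog uses the default syslog port (514),
    # which is not the input port this page uses, so require one here.
    case $port in
        ''|*[!0-9]*) echo "missing or non-numeric port" >&2; return 1 ;;
    esac
    echo "$proto $host $port $template"
}

# Constructed sample rules; 127.0.0.1 is an assumed spelling of "localhost".
for rule in \
    '*.* @127.0.0.1:5140;RSYSLOG_SyslogProtocol23Format' \
    '*.* @@127.0.0.1:5140;RSYSLOG_SyslogProtocol23Format' \
    '*.* @;RSYSLOG_SyslogProtocol23Format'
do
    parse_forward_rule "$rule" || echo "rejected: $rule"
done
```

rsyslog's own configuration check, rsyslogd -N1, validates the whole file without starting the daemon and can be run before the restart.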