Hey guys,
I'm trying to set up a remote syslog collector server which will forward it to Sentinel.
I have a Linux machine already set up and an ESXi that I've changed the Syslog.global.logHost to my remote machine.
My question is where the actual logs are going to be saved on the remote machine?
Should I also edit the Syslog.global.logDir to my desired folder on the remote machine?
I was using this guide.
Configuring syslog on ESXi (2003322) (vmware.com)
Hi @netanelpe
you don't have to specify the path. Just be sure that you configured ingestion on a Sentinel.
Regards
Alex
@virtualinca @lek Thanks for the quick reply but the logs are just being forwarded through the machine? It doesn't save it anywhere on the Linux machine
Or am I missing something?
Are you using rsyslog on a Linux VM? The rsyslog service keeps various log files in the /var/log directory. Check if you have any logs within /var/log or /var/log/syslog. You can use the following command: cat /var/log/syslog | grep <fqdn ESXi/IP> | more
A configured Log Analytics agent forwards logs to Azure, but you have to configure it first. -> Collect Syslog data sources with the Log Analytics agent in Azure Monitor - Azure Monitor | Microsof...
If it helped, don't forget kudos 😉
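As an added example that is not part of the thread: an rsyslog drop-in for the Linux collector that answers the "where do the ESXi messages land" question by writing them to their own directory while leaving the forwarding rules untouched. The ESXi address 192.0.2.10, the file name and the /var/log/esxi path are assumptions.

```conf
# Added example (not from the thread). Save as /etc/rsyslog.d/10-esxi.conf
# on the collector and restart rsyslog. 192.0.2.10 is a placeholder for
# the ESXi host that has Syslog.global.logHost pointed at this machine.

# Listen for incoming syslog over UDP and TCP on 514 (ESXi logHost accepts
# udp://<host>:514 or tcp://<host>:514).
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host and per ESXi process,
# e.g. /var/log/esxi/esxi01/hostd.log or /var/log/esxi/esxi01/vmkernel.log
template(name="EsxiPerHost"
         type="string"
         string="/var/log/esxi/%HOSTNAME%/%PROGRAMNAME%.log")

# Match on the peer IP rather than the HOSTNAME field, since the sender
# controls what goes into the message header.
if ($fromhost-ip == "192.0.2.10") then {
    action(type="omfile"
           dynaFile="EsxiPerHost"
           dirCreateMode="0750"
           fileCreateMode="0640")
}
# Deliberately no "stop" here: the message keeps flowing through the
# remaining rules (the default /var/log/syslog rule and any forwarding
# rule the Azure agent installs), so the local copy does not interfere
# with Sentinel ingestion.
```

The default Syslog.global.logDir on ESXi only controls the local datastore path on the host itself; the remote location is decided entirely by the collector's rsyslog rules, as above.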
Hey,
I'm using the Azure Agent to forward the logs so I will just check sentinel.
Just wanted to make sure whether any data is being written to the VM itself and where.
No worries, if this was helpful please click on a like button.