Get Messages In

Log in to the VM

We’re going to use rsyslog to ship messages to Graylog since it’s already running on the virtual machine.

To start, go to your virtual machine’s window (starting it back up if needed) and login with ubuntu for both the username and password.

../../_images/gs_6-glslogin.png

Modify rsyslog.conf

Go to the /etc directory, and use vi, vim (vim Cheat Sheet), or the editor of your choice to modify the /etc/rsyslog.conf file. There are excellent resources on the web for rsyslog configuration.

At the bottom of the file, add the following so messages will forward:

*.* @127.0.0.1:514;RSYSLOG_SyslogProtocol23Format

In case you’re curious: @ means UDP, 127.0.0.1 is localhost, and 514 is the port. Fortunately, our Graylog environment has an input to accept syslog messages on UDP port 514!

../../_images/gs_7-rsyslogadd.png

You can find out more about ingesting syslog messages with Graylog in our Syslog configuration guide.

Restart rsyslog

Type:

$ sudo service rsyslog status
$ sudo service rsyslog restart

If you have modified the config file and it is somehow invalid, the service command will not bring rsyslog back up - but don’t worry, you can always delete the line!

Ingesting more log messages

Please refer to Sending in log data for further instructions about configuring Graylog and ingesting data from external sources.