In most cases, you don’t need to make any changes to your Skyline Collector. For some environments, you have a mandate to ensure that all syslog are sent to a centralized repository for audit analysis. It doesn’t matter if that centralized syslog server is a VMware Log Insight, Splunk, or ELK. Here are the instructions on how to configure your Skyline Collector to send syslog data.
1 – Log into your Skyline Collector
2 – install rsyslog
|
1 |
tdnf install rsyslog |
3 – configure /etc/rsyslog.conf and add. Replace LOGSERVER with desired log server.
|
1 |
“*.* @@LOGSERVER:514” |
4 – restart daemon
|
1 |
systemctl restart rsyslog.service |
5 – ensure that it starts after a reboot
|
1 |
systemctl enable rsyslog.service |
There you have it. You now have set up rsyslog for your Skyline cCollector. If you did everything right, you log server should be receiving your Skyline Collector syslog data.
