In most cases, you don’t need to make any changes to your Skyline Collector. For some environments, you have a mandate to ensure that all syslog are sent to a centralized repository for audit analysis. It doesn’t matter if that centralized syslog server is a VMware Log Insight, Splunk, or ELK. Here are the instructions on how to configure your Skyline Collector to send syslog data.
1 – Log into your Skyline Collector
2 – install rsyslog
|
1 |
tdnf install rsyslog |
3 – configure /etc/rsyslog.conf and add. Replace LOGSERVER with desired log server.
|
1 |
“*.* @@LOGSERVER:514” |
4 – restart daemon
|
1 |
systemctl restart rsyslog.service |
5 – ensure that it starts after a reboot
|
1 |
systemctl enable rsyslog.service |
There you have it. You now have set up rsyslog for your Skyline cCollector. If you did everything right, you log server should be receiving your Skyline Collector syslog data.
Comments