====== Ubuntu - Logging - Configure Rsyslog Client to Send Logs to Rsyslog Server ======

Check if the rsyslog service is running or not with the following command.

<code bash>
sudo systemctl status rsyslog
</code>

If it’s not installed, install it and start the service as shown earlier on.

<code bash>
sudo apt update && apt install rsyslog
sudo systemctl start rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog
</code>

Once the rsyslog service is up and running, open the main configuration file where you will perform changes to the default configuration.

<code bash>
sudo vim /etc/rsyslog.conf
</code>

To force the rsyslog daemon to act as a log client and forward all locally generated log messages to the remote rsyslog server, add this forwarding rule, at the end of the file as shown in the following screenshot.

<file bash /etc/rsyslog.conf>
*. *  @@192.168.100.10:514
</file>


The above rule will send messages from all facilities and at all severity levels.  To send messages from a specific facility for example auth, use the following rule.

<file bash /etc/rsyslog.conf>
auth. *  @@192.168.100.10:514
</file>

Save the changes and close the configuration file. To apply the above settings, restart the rsyslog daemon.

<code bash>
sudo systemctl restart rsyslog
</code>