Ubuntu - Logging - Configure Rsyslog Client to Send Logs to Rsyslog Server

Check whether the rsyslog service is running with the following command.

sudo systemctl status rsyslog

If it is not installed, install it, then start and enable the service.

sudo apt update && sudo apt install rsyslog
sudo systemctl start rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog

Once the rsyslog service is up and running, open the main configuration file where you will perform changes to the default configuration.

sudo vim /etc/rsyslog.conf

To force the rsyslog daemon to act as a log client and forward all locally generated log messages to the remote rsyslog server, add this forwarding rule at the end of the file.

/etc/rsyslog.conf
*.* @@192.168.100.10:514

The above rule sends messages from all facilities at all severity levels. To send messages from a specific facility only, for example auth, use the following rule.

/etc/rsyslog.conf
auth.* @@192.168.100.10:514

Save the changes and close the configuration file. To apply the above settings, restart the rsyslog daemon.

sudo systemctl restart rsyslog
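
A post-change check for the client, added here as an example and not part of the original tutorial. The helper names list_forward_rules and check_client are hypothetical: the first reports each classic-syntax forwarding rule with its transport (a single @ forwards over UDP, @@ over TCP) and flags selectors split by whitespace, the second validates the file with rsyslogd -N1 and sends a test message with logger.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit and test rsyslog forwarding.
# Classic rule syntax: SELECTOR @host[:port] forwards over UDP, @@host[:port] over TCP.

# list_forward_rules FILE
# Prints "<selector> <udp|tcp> <host> <port>" for each forwarding rule, or
# "MALFORMED line <n>: <text>" when the selector is split by whitespace.
# Assumption: hostname/IPv4 targets only; "(z9)"-style options, bracketed
# IPv6 targets and action(type="omfwd" ...) blocks are not parsed.
list_forward_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        $NF !~ /^@/    { next }                # keep only lines ending in @target
        NF != 2 { print "MALFORMED line " NR ": " $0; next }
        {
            target = $2; proto = "udp"; port = 514   # 514 is the default port
            if (sub(/^@@/, "", target)) proto = "tcp"
            else sub(/^@/, "", target)
            if (target ~ /:[0-9]+$/) {
                port = target; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print $1, proto, target, port
        }
    ' "$1"
}

# check_client [FILE]: validate syntax, show the rules, emit a test message.
check_client() {
    conf="${1:-/etc/rsyslog.conf}"
    sudo rsyslogd -N1 -f "$conf" || return 1   # -N1 = configuration check only
    list_forward_rules "$conf"
    logger -p auth.notice "rsyslog forwarding test from $(hostname)"
}
```

After restarting rsyslog, run check_client and confirm that the test message arrives on 192.168.100.10.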