Basic Configuration
This first section will describe some basic configuration. Here you will not find complete configurations, but snippets on how to use different modules correctly and some description on how they are working.
Newbie guide to RSYSLOG
Installing RSYSLOG from RPM
Sending messages with tags larger than 32 characters
Using the syslog receiver module
Using the Text File Input Module
Some core configs
This section contains some basics. Things, that are used ever and ever again. It also contains some more in-depth description of what rsyslog does and why. It is recommended to at least briefly read through this part before going to more complex scenarios.
TLS secured syslog via RELP
Action’s with directives
Writing specific messages to a file and discarding them
Sending Messages to a Remote Syslog Server
Receiving Messages from a Remote System
Using a different log Format for all Files
Discarding unwanted messages
More complex scenarios
RSYSLOG and ElasticSearch
Parsing JSON (CEE) Logs and Sending them to Elasticsearch
Using TLS with RELP
Log normalization for different formats
Using MongoDB with RSYSLOG and LogAnalyzer
Normalizing Cisco ASA messages
Receiving CEE enhanced syslog in RSYSLOG
Storing and forwarding remote messages
How to write to a local socket?
Storing Messages from a Remote System into a specific File
Integration with “standard” syslogd