How To setup the Forward via Syslog Action

This Guide is for the RSyslog Windows Agent.

1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows:

2. Then, a wizard starts. Change the name of the rule to whatever name you like. We will use “Forward syslog” in this example. The screen looks as follow:

Click “Next” to go on with the next step.

3. Select only Forward via Syslog. Do not select any other options for this sample. Also, leave the “Create a Rule for each of the following actions” setting selected. Click “Next”. You will see a confirmation page. Click “Finish” to create the rule set.

4. As you can see, the new Rule Set “Forward syslog” is present. Please expand it in the tree view until the action level of the “Forward syslog” Rule and select the “Forward syslog” action to configure.

5. Configure the “Forward via Syslog” Action
Type the IP or the Hostname of your syslog server into the Syslog Server field in the form. Then Change the protocol to “TCP (octet-count based framing”. We use TCP that we will have no traffic lost. And edit the Port to 10514. Attention RSyslog Windows Agent and rsyslog must use the same port and the same protocol.

6. Finally, make sure you press the “Save” button – otherwise your changes will not be applied. Then start the service and you are done.

Scroll to top