Collecting Syslog with Retrace Agent
- Updated On 13 Jun 2018
- 1 Minute To Read
The following section will cover how to enable sending your Linux syslogs to Retrace to be viewed in the Logs Dashboard with an agent running on your server.
Enabling Syslog with Retrace
Go to Servers > Locate your Linux server > Click the 3 dots on the right > Click on 'Server Settings'
To enable syslog on your server, go to the server settings of the server and check the Syslog checkbox.
By enabling this setting, an **rsyslog.conf **file will be created in the /etc/ directory. You can edit this file for some additional configurations around your syslogs.
It is possible to forward to a TCP port by modifying the line:
It is also possible to omit the messages format:
Enabling Syslog Manually
You can also edit your rsyslog.conf file manually and the agent will pick up these settings. To enable syslog for Stackify manually, you should take the following steps:
- In a text editor, add a single line in the /etc/rsyslog.conf file:
- Restart the rsyslog service:
sudo service rsyslog restart
- Restart the stackify-agent service:
sudo service stackify-agent restart
Rsyslog will now forward all the messages to UDP port 10514. The Stackify Agent will create a listener on the specified port and process incoming messages. You can use any port number greater than 1024 to bind to the Stackify agent.
Note: The port cannot not be used by any other application. Stackify Agent does not have established permissions for listening on privileged ports, which is why the port number must be greater than 1024. Use your IP address instead of a hostname in the rsyslog.conf. file.
Setting up Defaults via the Log Collectors
You can enable syslogs per server in the server settings as mentioned earlier, or you can enable it globally for all new and existing servers in the Log Collectors page. By turning on the Syslog settings, all new servers that you install will have syslog enabled by default. By clicking on APPLY at the top of the page will enable the setting on all existing servers. See this doc for more information.