Shipping Logs Via Syslog

Installing an observIQ agent and shipping logs via Syslog.

Install an Agent

Syslog can run via an agent on Linux, Windows, macOS, or Raspberry Pi. To install an agent, navigate to the Fleet page. Click the Add Agent button, then choose the appropriate Platform for your agent. The platform-specific source is enabled by default. Click Next to go to the agent installation page. Copy and run the installation command on the host you'd like to gather logs from.

  • For Linux or Raspberry Pi, SSH into the target host. Paste the install command in your terminal, and hit enter.
  • For Windows, RDP into your target Windows host and open a Command Prompt or PowerShell with the 'Run as Administrator' option. Paste the install command in your Command Prompt or PowerShell, and hit enter.
  • For macOS, open your Terminal, paste the command, and hit enter.

The agent installer will run, download the required files automatically, and install the agent in less than 30 seconds. An "Installation Successful!" message will be displayed if the agent was installed successfully.

Configure a Syslog Source

After a successful installation, you'll see your newly-installed Agent at the bottom of the installation page. There will already be a default source configured depending on which operating system your agent is running on. To install Syslog, click Next and then Add a Source.

Next, choose Syslog and configure the port (default is 514) before clicking Add Source. Once it's created, click Finish Setup and go to the Explore tab to begin seeing logs!

Create Inbound Firewall Rule

In Windows, it may be necessary to set up an inbound firewall rule for Syslog.

  • Navigate to Windows Firewall Advanced Settings, and then Inbound Rules
  • Create a new rule and set the Rule Type to "Port"
  • For Protocol and Ports, select "UDP" and a specific local port of 514
  • For Action, select "Allow the connection"
  • For Profile, apply to "Domain", "Private", and "Public"
  • Set a name to easily identify the rule, such as "Allow Syslog Inbound Connections to 514 UDP"
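The same rule can be created and checked from an elevated PowerShell session, and the Syslog source from the previous section can be exercised end to end by sending one test message to it. This is an added example, not observIQ's own code or installer output; it assumes the agent's Syslog source is listening on UDP 514 on the local host and that the session is running as Administrator (New-NetFirewallRule requires it). The rule name, the test message text and the "syslog-test" tag are constructed for this example.

```powershell
# Added example (not observIQ's code): create the inbound rule from the steps above,
# confirm it exists, check that something is bound to UDP 514, then send a constructed
# RFC 3164-style syslog message to the local agent.
# Assumptions: elevated PowerShell; the agent's Syslog source listens on UDP 514 locally.

$Port = 514
$RuleName = "Allow Syslog Inbound Connections to 514 UDP"   # constructed name, matches the UI step

# Create the rule only if it is not already present, so re-running the script is harmless.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound `
        -Protocol UDP `
        -LocalPort $Port `
        -Action Allow `
        -Profile Domain, Private, Public | Out-Null
}

# Verify the rule and its port filter match the UI steps (UDP, local port 514, Allow, Inbound).
$rule = Get-NetFirewallRule -DisplayName $RuleName
$portFilter = $rule | Get-NetFirewallPortFilter
"{0}: Enabled={1} Direction={2} Action={3} Protocol={4} LocalPort={5}" -f `
    $rule.DisplayName, $rule.Enabled, $rule.Direction, $rule.Action, `
    $portFilter.Protocol, $portFilter.LocalPort

# Confirm a listener is bound to UDP 514 before testing; with the Syslog source
# configured this should be the agent process.
Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Build one constructed RFC 3164-style message: <PRI>TIMESTAMP HOSTNAME TAG: MSG
# PRI 14 = facility 1 (user) * 8 + severity 6 (informational).
# RFC 3164 timestamps use a space-padded day ("Mmm  d HH:mm:ss"), so format it by hand.
$now = Get-Date
$timestamp = "{0} {1,2} {2}" -f $now.ToString("MMM"), $now.Day, $now.ToString("HH:mm:ss")
$message = "<14>$timestamp $env:COMPUTERNAME syslog-test: test message from firewall check"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($message)

# Send the datagram to the local Syslog source and report how many bytes went out.
$udp = New-Object System.Net.Sockets.UdpClient
try {
    $sent = $udp.Send($bytes, $bytes.Length, "127.0.0.1", $Port)
    "Sent $sent bytes to 127.0.0.1:$Port; look for the 'syslog-test' entry in the Explore tab."
} finally {
    $udp.Close()
}
```

If the Explore tab shows the "syslog-test" entry, the firewall rule, the listener and the source configuration are all working. Applying the rule to the Public profile, as the steps above do, opens UDP 514 on every network the host joins; where the devices sending syslog are known, adding -RemoteAddress with their subnet to New-NetFirewallRule limits the rule to those senders without changing anything else on this page.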

Congrats! You're shipping logs with your first observIQ Log Agent! Next, learn how best to view your logs: View your logs.
