The Syslog daemon (rsyslog) on Ubuntu is configured through the /etc/rsyslog.d/50-default.conf configuration file. Follow the steps below to send all Syslog messages from an Ubuntu machine to EventSentry.
Open the file /etc/rsyslog.d/50-default.conf in an editor.
Append the following line to the bottom:
Restart the rsyslog service so that the change takes effect:
service rsyslog restart
Replace "eventsentryserver" with the host name or IP address of the host where EventSentry's network services service is installed and running. We recommend that you create a CNAME record (e.g. "syslog", "log", "eventsentry") on your DNS server and use that alias in the configuration files.
It is not necessary to send all Syslog messages to EventSentry. For example, the following lines only send critical messages to a host with the CNAME alias "eventsentry":
*.emerg @eventsentry:514
*.alert @eventsentry:514
*.crit @eventsentry:514
*.err @eventsentry:514
*.warning @eventsentry:514
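In rsyslog's traditional selector syntax, a plain facility.priority selector matches that priority and every more severe one, and each matching rule is a separate forwarding action, so the five selectors above overlap. The following script is an added example, not part of EventSentry's documentation, that counts how many times a message of a given severity would be forwarded; the function names sev_num and count_forwards are hypothetical, and only plain selectors (no "=", "!" or "none") are handled.

```shell
# Added example, not EventSentry's code. Plain "facility.priority" selectors only.

# Map a syslog severity keyword to its number (0 = most severe).
sev_num() {
  case "$1" in
    emerg|panic)  echo 0 ;;
    alert)        echo 1 ;;
    crit)         echo 2 ;;
    err|error)    echo 3 ;;
    warning|warn) echo 4 ;;
    notice)       echo 5 ;;
    info)         echo 6 ;;
    debug)        echo 7 ;;
    *)            return 1 ;;
  esac
}

# count_forwards RULES SEVERITY
# Prints how many remote-forwarding rules in RULES match a message of SEVERITY.
count_forwards() {
  cf_msg=$(sev_num "$2") || return 2
  cf_n=0
  while read -r cf_sel cf_act; do
    case "$cf_sel" in ''|'#'*) continue ;; esac   # skip blank lines and comments
    case "$cf_act" in @*) ;; *) continue ;; esac  # @host = UDP, @@host = TCP
    cf_prio=${cf_sel#*.}                          # text after the facility
    cf_max=7                                      # "*" matches every severity
    [ "$cf_prio" = "*" ] || cf_max=$(sev_num "$cf_prio") || continue
    # A plain selector matches its own severity and every more severe one.
    if [ "$cf_msg" -le "$cf_max" ]; then cf_n=$((cf_n + 1)); fi
  done <<EOF
$1
EOF
  echo "$cf_n"
}

# The five rules from the page, and a single rule with the same coverage.
PAGE_RULES='*.emerg @eventsentry:514
*.alert @eventsentry:514
*.crit @eventsentry:514
*.err @eventsentry:514
*.warning @eventsentry:514'
SINGLE_RULE='*.warning @eventsentry:514'

for s in emerg err warning notice; do
  echo "$s: page=$(count_forwards "$PAGE_RULES" "$s") single=$(count_forwards "$SINGLE_RULE" "$s")"
done
```

With the five rules an emerg message is forwarded five times, while the single *.warning rule forwards the same severities once each.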