This chapter uses rSyslog as an example of an external Syslog server.

rSyslog is an open-source software tool used on Linux systems to forward log messages over an IP network. It implements the basic Syslog protocol and extends it with content-based filtering and advanced features. The rsyslog service provides capabilities such as filtering, queue management for offline outputs, support for various output modules, flexible configuration options, and the use of TCP for message transport.

rSyslog uses the BSD Syslog standard protocol as defined in RFC 3164. Since RFC 3164 is more of an informational description than a strict standard, several incompatible extensions have been developed. rSyslog supports many of these extensions (including RFC 5424) and allows flexible formatting of forwarded messages (Source: https://en.wikipedia.org/wiki/Rsyslog).

Installation

Install the rSyslog package on an external server or VM (e.g., on an Application Unit (AU)) according to the operating system in use.

Starting the Service

Once installed, you can start/enable the rsyslog.service.

Configuration 

Configuration File

The configuration for rSyslog is stored in the file /etc/rsyslog.conf.

To enable reception of CLIP events, the following settings must be added to /etc/rsyslog.conf:

     # provides TCP syslog reception
     $ModLoad imtcp
     $InputTCPServerRun 514

This activates the TCP input module for the server and opens the default Syslog port (514) to receive incoming messages.

For further configuration options, refer to the official rSyslog documentation.

Facility Level

All messages sent by CLIP are configured in rSyslog with a facility value of 1 (user-level messages) and a severity of 6 (informational).