Keep your finger on the pulse with rsyslog and LogAnalyzer

It’s easy to miss something when you need to monitor dozen of logs on different servers and some other devices. Fortunately, there is a simple solution as you can use rsyslog with PostgreSQL or MySQL support to store all local and remote events on your network and then visualize results using LogAnalyzer.

Send events to the @local.rsyslog.server:

*.*    @local.rsyslog.server

Inform rsyslog to use MySQL database (after populating database):

$ModLoad ommysql.so
*.*    :ommysql:server,dbname,user,pass

Configure rsyslog to listen on UDP port and accept events only from predefined hosts or networks:

$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 11.21.33.41, 10.5.3.0/24