Customers with Alert Logic® log management functionality are asked to forward all syslog messages to Alert Logic as standard practice. This is accomplished by adding the following line to rsyslog.conf:
This forwards all syslog messages to the log management appliance, remote collector, or Alert Logic agent. The IP address and port vary based on the destination.
If collecting all syslog messages from a host produces too many logs, you can send only the syslog messages you need. To do this, replace the wildcard (*.*) in the line above with specific applications and logging levels. See the following examples using an agent as a collection point.
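The fragment below is an added illustration of replacing the wildcard with rsyslog facility and priority selectors; it is not Alert Logic's own configuration. `<COLLECTOR_IP>` and `<PORT>` are placeholders for the destination address and port, and forwarding over TCP (`@@`) is an assumption.

```conf
# rsyslog.conf fragment (added example, not Alert Logic's own configuration).
# <COLLECTOR_IP> and <PORT> are placeholders: substitute the address and port
# of your appliance, remote collector, or agent.
# "@@" forwards over TCP and "@" forwards over UDP; TCP is assumed here.

# Baseline for comparison: forward every facility at every priority.
#*.*                          @@<COLLECTOR_IP>:<PORT>

# Alternative 1 (active): authentication and authorization messages only,
# at every priority (logins, sudo, sshd, PAM).
auth,authpriv.*               @@<COLLECTOR_IP>:<PORT>

# Alternative 2: every facility, but only priority "warning" and higher
# (warning, err, crit, alert, emerg).
#*.warning                    @@<COLLECTOR_IP>:<PORT>

# Alternative 3: priority "info" and higher from every facility,
# with the mail and cron facilities excluded.
#*.info;mail.none;cron.none   @@<COLLECTOR_IP>:<PORT>

# Each rule line is evaluated independently, so enabling more than one of the
# lines above forwards any message that matches several of them more than once.
```

After editing, `rsyslogd -N1` checks the configuration for syntax errors; restart rsyslog for the change to take effect.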
Note: It is up to you to determine which applications to log or what logging level is preferred. Alert Logic is unable to provide individual recommendations to make this determination.