How can I reduce the volume of syslog messages sent from a host running rsyslog? | Log Manager FAQ

Customers with Alert Logic® Log Manager™ are asked to forward all syslog messages to Alert Logic as standard practice. This is accomplished by adding the following line to rsyslog.conf:

*.* @@127.0.0.1:1514;RSYSLOG_FileFormat

This forwards all syslog messages over TCP (the @@ prefix; a single @ would send over UDP) to the Log Manager appliance, Remote Collector, or Alert Logic Agent. The IP address and port vary based on the destination.

If collecting all syslog messages from a host results in too many logs being collected, you can choose to send only certain syslog messages as needed. To accomplish this, replace the wildcard (*.*) in the line above with selectors that name specific applications (syslog facilities) and logging levels (priorities). A selector such as cron.err matches messages at that level and at any more severe level. See the following examples using an agent as a collection point.

cron.err @@127.0.0.1:1514

mail.info @@127.0.0.1:1514

Note: It is up to you to determine which applications to log or what logging level is preferred. Alert Logic is unable to provide individual recommendations to make this determination.
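The selector syntax above can combine several facilities and levels in one forwarding rule. The following is an added illustration, not part of the original article and not an Alert Logic recommendation; the choice of facilities (auth, authpriv, kern) is an assumption made only to show the syntax, and the destination is the agent address used in the article.

```conf
# Added example: demonstrates selector syntax only. Which facilities and
# levels to keep is an assumption here, not guidance from Alert Logic.

# Before: forward everything (the line from the article).
# *.* @@127.0.0.1:1514;RSYSLOG_FileFormat

# After: one rule with several selectors separated by ";".
#   auth,authpriv.*  every level from the authentication facilities
#   kern.warning     kernel messages at warning or more severe
#   cron.err         as in the article: err, crit, alert, emerg
#   mail.info        as in the article: info and above, so debug is dropped
auth,authpriv.*;kern.warning;cron.err;mail.info @@127.0.0.1:1514;RSYSLOG_FileFormat

# Alternative: start broad and subtract noisy facilities with ".none".
# Selectors are evaluated left to right, so the exclusions must come last.
# *.notice;mail.none;cron.none @@127.0.0.1:1514;RSYSLOG_FileFormat
```

Run `rsyslogd -N1` to check the configuration for syntax errors before restarting the rsyslog service.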
