# Linux Server Logs

In this guide, you'll configure Ubuntu Linux servers to forward system logs to Radiant Security using the Radiant Agent. By leveraging rsyslog, a reliable and high-performance logging system built into most Linux distributions, you'll establish a direct connection between your servers and the Radiant Agent.

### Prerequisites

* [ ] Radiant Security Agent installed and running
* [ ] rsyslog package installed on the system

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Linux Server Logs** and click **Credentials**.
5. Under **Credential Name**, give your Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`).
6. Click **Add Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

Before you begin the [Configure log forwarding in Linux](#configure-log-forwarding-in-linux) section, ensure you have the following information from your agent installation:

* The **IP address** or **hostname** of the server on which the agent is installed.
* The **port** configured for receiving Linux server logs.

### Configure log forwarding in Linux

These steps assume you're familiar with basic command-line operations. Remember to press Enter after each command to execute it.

#### Prerequisites check and installation

1. Access your Ubuntu Linux server.
2. Log in to your Ubuntu Linux system and switch to root privileges:

```bash
sudo su -
```

3. Enter your password when prompted.

#### Verify rsyslog installation

1. Check if rsyslog is already installed:

```bash
dpkg --list | grep rsyslog
```

If rsyslog is installed, the expected output is:

```bash
ii rsyslog 8.2312.0-3ubuntu9.1
```

2. If you see a blank line, then rsyslog is not installed. Install it with:

```bash
apt install rsyslog
```

#### Create the rsyslog configuration

1. Navigate to the rsyslog configuration directory:

```bash
cd /etc/rsyslog.d/
```

2. In the `/etc/rsyslog.d/` folder, create a new configuration file in the nano text editor:

```bash
nano 100-radiant-agent.conf
```

3. Within the nano text editor window, copy and paste the following configuration into the `100-radiant-agent.conf` file.

```bash
action(
    type="omfwd"
    target="RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME"
    port="5010"
    protocol="tcp"
    template="RSYSLOG_ForwardFormat"
    queue.type="linkedList"   # Prevents blocking if remote server is offline
)
```

Then, replace the following placeholder values with your actual Radiant Agent details:

* `RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME` - The IP address or DNS name of your Radiant Agent server.
* `RADIANT_AGENT_LINUX_SERVER_LOGS_PORT` - The port configured for receiving Linux server logs. This is the `port` value, shown as `5010` in the configuration above.

4. After pasting in the configuration and editing the placeholder values, save the file by pressing `Ctrl + O`, then the Enter key.
5. After saving the file, exit the nano text editor by pressing `Ctrl + X`.
6. Verify that the `100-radiant-agent.conf` file was created:

```bash
ls 100-radiant-agent.conf
```

You should see the filename displayed. If not, repeat steps 4-6.

7. Restart rsyslog:

```bash
systemctl restart rsyslog
```

8. Verify rsyslog successfully restarted by entering the following command:

```bash
systemctl status rsyslog
```

Look for the line beginning with `Active:`. It should show `active (running)`.
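
A forwarding file that still contains a placeholder lets rsyslog restart and report `active (running)` while no logs reach the agent. The following lint for `100-radiant-agent.conf` is an added example, not part of the Radiant Security documentation or of rsyslog; the helper names `conf_value`, `check_radiant_conf` and `write_sample` are hypothetical, and the sample file is constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example: lint 100-radiant-agent.conf before restarting rsyslog.
# conf_value, check_radiant_conf and write_sample are hypothetical helper names.

# Print the value of the first key="value" parameter named $2 in file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return the number of problems found in file $1 (0 means ready to restart).
check_radiant_conf() {
    [ -r "$1" ] || { echo "cannot read $1"; return 99; }
    problems=0
    target=$(conf_value "$1" target)
    port=$(conf_value "$1" port)
    proto=$(conf_value "$1" protocol)
    # A leftover placeholder or a space is not a usable IP address or DNS name.
    case "$target" in
        ""|*RADIANT_AGENT*|*" "*) echo "target not set: '$target'"; problems=$((problems + 1)) ;;
    esac
    # The port must be a number in the valid TCP range.
    case "$port" in
        ""|*[!0-9]*) echo "port not numeric: '$port'"; problems=$((problems + 1)) ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "port out of range: $port"; problems=$((problems + 1))
           fi ;;
    esac
    [ "$proto" = "tcp" ] || { echo "protocol is '$proto', expected tcp"; problems=$((problems + 1)); }
    # The page's queue.type setting keeps logging from blocking when the agent is offline.
    grep -q 'queue\.type=' "$1" || { echo "queue.type missing"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: forwarding to $target:$port over $proto"
    return "$problems"
}

# Write the page's action() block to file $1 with target $2 and port $3.
write_sample() {
    printf 'action(\n    type="omfwd"\n    target="%s"\n    port="%s"\n' "$2" "$3" > "$1"
    printf '    protocol="tcp"\n    template="RSYSLOG_ForwardFormat"\n' >> "$1"
    printf '    queue.type="linkedList"\n)\n' >> "$1"
}

# Constructed sample: the config exactly as pasted, placeholder target not yet replaced.
sample=$(mktemp)
write_sample "$sample" "RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME" 5010
check_radiant_conf "$sample" || echo "fix the file before restarting rsyslog"
rm -f "$sample"
```

On a real server, run `check_radiant_conf /etc/rsyslog.d/100-radiant-agent.conf`. Once it passes, `rsyslogd -N1` checks the syntax of the complete rsyslog configuration before the restart.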
