# Linux Server Logs

In this guide, you'll configure Ubuntu Linux servers to forward system logs to Radiant Security using the Radiant Agent. By leveraging rsyslog, a reliable and high-performance logging system built into most Linux distributions, you'll establish a direct connection between your servers and the Radiant Agent.

### Prerequisites

* [ ] Radiant Security Agent installed and running
* [ ] rsyslog package installed on the system

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Linux Server Logs** and click **Credentials**.
5. Under **Credential Name**, give your Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`).
6. Click **Add Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

Before you begin the [Configure log forwarding in Linux](#configure-log-forwarding-in-linux) section, ensure you have the following information from your agent installation:

* The **IP address** or **hostname** of the server on which the agent is installed.
* The **port** configured for receiving Linux server logs.

### Configure log forwarding in Linux

These steps assume you're familiar with basic command-line operations. Remember to press Enter after each command to execute it.

#### Prerequisites check and installation

1. Access your Ubuntu Linux server.
2. Log in to your Ubuntu Linux system and switch to root privileges:

```bash
sudo su -
```

3. Enter your password when prompted.

#### Verify rsyslog installation

1. Check if rsyslog is already installed:

```bash
dpkg --list | grep rsyslog
```

If rsyslog is installed, the output looks like this (the version may differ):

```bash
ii rsyslog 8.2312.0-3ubuntu9.1
```

2. If the command prints nothing, rsyslog is not installed. Install it with:

```bash
apt install rsyslog
```

#### Create the rsyslog configuration

1. Navigate to the rsyslog configuration directory:

```bash
cd /etc/rsyslog.d/
```

2. In the `/etc/rsyslog.d/` folder, create a new configuration file in the nano text editor:

```bash
nano 100-radiant-agent.conf
```

3. Within the nano text editor window, copy and paste the following configuration into the `100-radiant-agent.conf` file.

```bash
action(
    type="omfwd"
    target="RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME"
    port="5010"
    protocol="tcp"
    template="RSYSLOG_ForwardFormat"
    queue.type="linkedList"   # Prevents blocking if remote server is offline
)
```

Then, replace the following values with your actual Radiant Agent details:

* `RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME` - The IP address or DNS name of your Radiant Agent server.
* The `port` value (`5010` in the configuration above) - The port configured for receiving Linux server logs.

4. After pasting in the configuration and editing the placeholder values, save the file by pressing `Ctrl + O`, then Enter.
5. After saving the file, exit the nano text editor by pressing `Ctrl + X`.
6. Verify that the `100-radiant-agent.conf` file was created:

```bash
ls 100-radiant-agent.conf
```

You should see the filename displayed. If not, repeat steps 4-6.

7. Restart rsyslog:

```bash
systemctl restart rsyslog
```

8. Verify that rsyslog restarted successfully by entering the following command:

```bash
systemctl status rsyslog 
```

Look for the line beginning with `Active:`. It should show `active (running)`.
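
The checks below are an added example, not part of the Radiant Security tooling: they catch a placeholder left in `100-radiant-agent.conf`, a bad port, or a wrong protocol, then run rsyslog's own configuration check and send a tagged test message. The function names and the `radiant-forward-test` tag are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not Radiant Security tooling. Function names are hypothetical.

# Print the value of a key="value" parameter from the action() block.
conf_param() {  # usage: conf_param FILE KEY
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Static checks: returns 0 when the file is ready, non-zero with a reason on stderr.
check_forward_conf() {
    local conf="$1" target port proto
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    target=$(conf_param "$conf" target)
    port=$(conf_param "$conf" port)
    proto=$(conf_param "$conf" protocol)
    # Reject an empty target, a placeholder left in place, or a value containing a space.
    case "$target" in
        ""|*RADIANT_AGENT_*|*" "*) echo "target not set: '$target'" >&2; return 2 ;;
    esac
    # Reject an empty or non-numeric port (for example a placeholder name).
    case "$port" in
        ""|*[!0-9]*) echo "port not numeric: '$port'" >&2; return 3 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 3
    fi
    [ "$proto" = "tcp" ] || { echo "protocol is '$proto', expected tcp" >&2; return 4; }
    return 0
}

# On the server, as root: static checks, rsyslog's own config check, then a test message.
verify_forwarding() {
    local conf="${1:-/etc/rsyslog.d/100-radiant-agent.conf}"
    check_forward_conf "$conf" || return $?
    rsyslogd -N1 || return 5   # parses the whole rsyslog configuration without starting the daemon
    logger -t radiant-forward-test "forwarding test from $(hostname)"
    echo "Sent test message tagged radiant-forward-test; confirm it on the receiving side."
}
```

Run `check_forward_conf /etc/rsyslog.d/100-radiant-agent.conf` before restarting rsyslog, and `verify_forwarding` after the restart so the test message goes through the new forwarding action.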


