Linux Server Logs

Configure syslog log forwarding for Ubuntu servers.

In this guide, you'll configure Ubuntu Linux servers to forward system logs to Radiant Security using the Radiant Agent. By leveraging rsyslog, a reliable and high-performance logging system built into most Linux distributions, you'll establish a direct connection between your servers and the Radiant Agent.

Prerequisites

Add the data connector in Radiant Security

  1. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  2. Search for and select the Radiant Agent option and then click Data Feeds.

  3. Under Select your data feeds, select Linux Server Logs and click Credentials.

  4. Under Credential Name, give your Radiant Agent integration an identifiable name (e.g. Radiant Agent Integration).

  5. Click Add Connector.

Configure a local Radiant Security Agent

Refer to the Install the Radiant Security Agent guide to set up a local agent to collect the logs.

Before you begin the Configure log forwarding in Linux section, ensure you have the following information from your agent installation:

  • The IP address or hostname of the server on which the agent is installed.

  • The port configured for receiving Linux server logs.

Configure log forwarding in Linux

These steps assume you're familiar with basic command-line operations. Remember to press Enter after each command to execute it.

Prerequisites check and installation

  1. Access your Ubuntu Linux server.

  2. Log in to your Ubuntu Linux system and switch to root privileges:

  3. Enter your password when prompted.

Verify rsyslog installation

  1. Check if rsyslog is already installed:

The expected output if rsyslog is installed should be:

  2. If you see a blank line, then rsyslog is not installed. Install it with:

Create the rsyslog configuration

  1. Navigate to the rsyslog configuration directory:

  2. In the /etc/rsyslog.d/ folder, create a new configuration file in the nano text editor:

  3. Within the nano text editor window, copy and paste the following configuration into the 100-radiant-agent.conf file.

Then, replace the following placeholder values with your actual Radiant Agent details:

  • RADIANT_AGENT_IP_ADDRESS OR RADIANT_AGENT_DNS_NAME - The IP address or DNS name of your Radiant Agent server.

  • RADIANT_AGENT_LINUX_SERVER_LOGS_PORT - The port configured for receiving Linux server logs.

  4. After pasting in the configuration and editing the placeholder values, save the file by pressing Ctrl + O, then the Enter key.

  5. After saving the file, exit the nano text editor by pressing Ctrl + X.

  6. Verify that the 100-radiant-agent.conf file was created:

You should see the filename displayed. If not, repeat steps 4-6.

  7. Restart rsyslog:

  8. Verify rsyslog successfully restarted by entering the following command:

Look for the line beginning with Active: - it should show active (running).
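As an added example (not Radiant Security's published configuration), the script below generates a 100-radiant-agent.conf forwarding rule from the agent host and port, rejects malformed values, and syntax-checks rsyslog before the restart step. The TCP default, the queue settings and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Radiant Security's published configuration.
# Assumptions: TCP transport by default and a disk-assisted omfwd queue.

# Accept only a plausible hostname/IP and a port in 1-65535, so stray
# characters can never end up inside the generated rsyslog rule.
valid_target() {
    case "$1" in ''|*[!A-Za-z0-9.:-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# Print the forwarding rule for HOST PORT [tcp|udp].
render_forward_conf() {
    proto=${3:-tcp}
    valid_target "$1" "$2" || { echo "invalid host or port" >&2; return 1; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    cat <<EOF
# Forward all facilities and severities to the Radiant Agent.
# The queue buffers messages while the agent is unreachable.
*.* action(type="omfwd" target="$1" port="$2" protocol="$proto"
           queue.type="LinkedList" queue.filename="radiant_agent_fwd"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
EOF
}

# Write DIR/100-radiant-agent.conf (DIR is /etc/rsyslog.d on the server),
# then syntax-check the whole rsyslog configuration before any restart.
write_forward_conf() {
    dir=$1; shift
    conf="$dir/100-radiant-agent.conf"
    tmp="$conf.tmp.$$"
    render_forward_conf "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$conf" || return 1
    if [ "$dir" = /etc/rsyslog.d ] && command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 >&2 || return 1
    fi
    echo "$conf"
}

# Stand-alone use: sh this_script DIR HOST PORT [tcp|udp]
if [ "$#" -ge 3 ]; then write_forward_conf "$@"; fi
```

Run it as root with DIR set to /etc/rsyslog.d and the host and port noted from the agent installation; use whichever protocol the agent's listener is actually configured for.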
