How do I send Syslog messages from CentOS/Redhat to EventSentry?

Article ID: 500
Category: Network Monitoring
Applies to: All Versions
Updated: 2023-09-21

To send syslog messages from a CentOS machine to your EventSentry syslog daemon, you can use the default syslog service on CentOS/Redhat, rsyslog. Here's a step-by-step guide on how to set this up:

Installation: Ensure you have rsyslog installed.

sudo yum install rsyslog

Configuration:

Edit the rsyslog configuration file.
sudo nano /etc/rsyslog.conf

Find the section related to remote syslog servers and add a line to forward messages. Here's the general format:

*.* @eventsentry_server_ip:514

For example, if your EventSentry syslog server's IP address is 192.168.1.100 and it's listening on the default syslog port (514), you'd add:
*.* @192.168.1.100:514

Note: Using @ will forward messages via UDP. If you want to use TCP (which is more reliable), use @@ instead.

Firewall Configuration: If you have a firewall enabled, you'll need to allow outgoing traffic on the syslog port.

For UDP:

sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload

For TCP (if you're using it):

sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --reload

Restart rsyslog:

After making the necessary changes, restart the rsyslog service to apply them.

sudo systemctl restart rsyslog

Testing:

To test if syslog messages are being sent to EventSentry, you can use the logger command:

logger "Test message to EventSentry Syslog Server."

Now, check in Web Reports (under Features > Syslog) to see if the test message appears.

Note: It is not necessary to send all Syslog messages to EventSentry. For example, the following lines only forward higher-severity messages (warning and above) to a host with the CNAME alias "eventsentry":

*.emerg   @eventsentry:514
*.alert   @eventsentry:514
*.crit    @eventsentry:514
*.err     @eventsentry:514
*.warning @eventsentry:514
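The following script is an added example and is not part of the EventSentry article or product. It packages the procedure above: it writes an rsyslog drop-in that forwards warning-and-above messages over TCP (with a disk-assisted queue so messages are held locally while the collector is unreachable), checks the configuration with rsyslogd's dry-run mode before the restart, and sends a test message at a severity the filter actually forwards. The host name "eventsentry" and the drop-in path /etc/rsyslog.d/eventsentry.conf are assumptions. Two points it makes that the steps above do not: a selector such as *.warning matches that severity and everything more severe, so a plain `logger "test"` (severity notice) is not forwarded once the filter is in place; and firewalld does not filter outbound connections by default, so the --add-port commands above open an inbound port and are only needed if this host must also receive syslog.

```sh
#!/bin/sh
# Added example, not part of the EventSentry article: build an rsyslog drop-in
# that forwards warning-and-above messages to an EventSentry collector, check
# it with rsyslogd's dry-run mode, and send a test message at a severity the
# filter actually forwards. The host name "eventsentry" and the drop-in path
# are assumptions; replace them with your own values.

# Map a syslog severity keyword to its numeric code (RFC 5424, 0 = emerg).
severity_code() {
    case "$1" in
        emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;
        err|error)   echo 3 ;;  warning|warn) echo 4 ;;  notice) echo 5 ;;
        info)        echo 6 ;;  debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# A selector such as "*.warning" matches the named severity AND everything more
# severe (smaller code), so "notice" and "info" are NOT forwarded by it.
forwarded_by_warning_filter() {
    code=$(severity_code "$1") || return 1
    [ "$code" -le 4 ]
}

# Print a RainerScript forwarding action. TCP is the default because UDP drops
# messages silently; the disk-assisted queue keeps messages on this host while
# the collector is unreachable instead of discarding them.
generate_forward_conf() {
    server="$1"; proto="${2:-tcp}"; port="${3:-514}"
    case "$proto" in
        tcp) prefix="@@" ;;
        udp) prefix="@" ;;
        *) echo "generate_forward_conf: protocol must be tcp or udp, got '$proto'" >&2
           return 1 ;;
    esac
    cat <<EOF
# Forward severity warning and above to EventSentry over $proto.
# Legacy equivalent: *.warning ${prefix}${server}:${port}
*.warning action(
    type="omfwd"
    target="$server"
    port="$port"
    protocol="$proto"
    queue.type="LinkedList"
    queue.filename="eventsentry_fwd"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
EOF
}

# Write the drop-in and, when rsyslogd is installed, dry-run the complete
# configuration (-N1) so a typo is caught before "systemctl restart rsyslog".
install_forward_conf() {
    conf="${4:-/etc/rsyslog.d/eventsentry.conf}"
    generate_forward_conf "$1" "$2" "$3" > "$conf" || return 1
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 || { echo "rsyslog config check failed" >&2; return 1; }
    fi
    echo "wrote $conf"
}

# Emit a test message at user.warning: with the *.warning filter in place, a
# plain "logger test" (severity notice) would never reach the collector.
send_test_message() {
    logger -p user.warning "Test message to EventSentry syslog server."
}

# Demo: "sh eventsentry-forward.sh demo" writes the drop-in to a temp directory
# (no root needed); drop the last argument to install it under /etc/rsyslog.d.
if [ "${1:-}" = "demo" ]; then
    install_forward_conf eventsentry tcp 514 "${TMPDIR:-/tmp}/eventsentry.conf"
fi
```

After installing the drop-in for real, restart rsyslog as in the steps above, run send_test_message, and look for the message under Features > Syslog in Web Reports; if it does not arrive, check that the queue directory ($WorkDirectory, /var/lib/rsyslog on CentOS) is writable by rsyslog and that the collector is listening on the chosen protocol.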