Linux Log Collection with Syslog

The use of syslog is required to send log data from Linux systems to the USM Anywhere Sensor IP address. The sensor accepts syslog over UDP on port 514, over TCP on port 601 or 602, or as Transport Layer Security (TLS)-encrypted data over TCP on port 6514 or 6515.

Using Syslog to Send Logs from a Linux System

General Information

Syslog is an industry-standard message logging protocol that is used on many devices and platforms. It provides a mechanism for network devices to send event messages to a logging server, also known as a syslog server. For example, a router might send messages about users logging on to console sessions, while a web server might log access-denied events. Here, a USM Anywhere Sensor acts as the syslog server.

USM Anywhere supports both the BSD syslog protocol (RFC 3164) and the syslog protocol (RFC 5424). For RFC 3164, USM Anywhere listens for syslog over UDP on port 514, TCP on port 601, or Transport Layer Security (TLS) on port 6514. For RFC 5424, USM Anywhere listens for syslog over TCP on port 602 or TLS on port 6515.
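The format-to-port pairing above matters when testing a new log source, because a message in one RFC format sent to the other format's listener may not parse as expected. The following is an added example, not part of the USM Anywhere documentation: it builds a test message in each format and picks the listener port the page gives for it. The function names, the host `web01`, the facility and severity values, and the newline framing on TCP are assumptions made for illustration.

```python
import socket
from datetime import datetime, timezone

# Listener ports as stated on this page: (message format, transport) -> port.
SENSOR_PORTS = {
    ("rfc3164", "udp"): 514, ("rfc3164", "tcp"): 601, ("rfc3164", "tls"): 6514,
    ("rfc5424", "tcp"): 602, ("rfc5424", "tls"): 6515,
}

def sensor_port(fmt, transport):
    """Port for a format/transport pair; raises if the page lists no listener."""
    if (fmt, transport) not in SENSOR_PORTS:
        raise ValueError(f"no listener documented for {fmt} over {transport}")
    return SENSOR_PORTS[(fmt, transport)]

def pri(facility, severity):
    """PRI value used by both RFCs: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def format_rfc3164(facility, severity, when, host, tag, text):
    """BSD syslog: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day space-padded, no year)."""
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # %b assumes an English locale
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {text}"

def format_rfc5424(facility, severity, when, host, app, text):
    """RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG."""
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return f"<{pri(facility, severity)}>1 {stamp} {host} {app} - - - {text}"

def send_plain(sensor_ip, fmt, transport, message):
    """Send one unencrypted test message; returns the port used."""
    port = sensor_port(fmt, transport)
    data = message.encode("utf-8")
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (sensor_ip, port))
    elif transport == "tcp":
        # Assumption: newline-terminated framing; the page does not state it.
        with socket.create_connection((sensor_ip, port), timeout=5) as s:
            s.sendall(data + b"\n")
    else:
        raise ValueError("TLS ports need a certificate-aware sender such as rsyslog")
    return port

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(format_rfc3164(4, 5, now, "web01", "sshd", "constructed test message"))
    print(format_rfc5424(4, 5, now, "web01", "sshd", "constructed test message"))
```

`sensor_port("rfc5424", "udp")` raises an error because the page lists no UDP listener for RFC 5424.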

Follow the procedure that corresponds to the Linux distribution you use.