This guide will show you how to integrate a Linux server into the Secure60 platform.
This guide will explain how to monitor Linux instances by configuring Syslog. As always, if you have any additional questions, don’t hesitate to contact Secure60 Support.
sudo apt install rsyslog
Edit the file /etc/rsyslog.conf with the following content:
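# Global directives for TLS (only needed for the SSL option below)
global(
    DefaultNetstreamDriverCertFile="/etc/ssl/certs/example_cert.crt" # Client certificate
    DefaultNetstreamDriverKeyFile="/etc/ssl/private/example_key.pem" # Client private key
)
# Choose ONE of the forwarding options below and remove or comment out the others;
# leaving all three active sends every message three times.
# Option 1: without SSL, default syslog port using TCP (@@ = TCP)
*.* @@<S60_COLLECTOR_IP_ADDRESS>:514
# Option 2: without SSL, default syslog port using UDP (@ = UDP)
*.* @<S60_COLLECTOR_IP_ADDRESS>:514
# Option 3: with SSL/TLS on port 6514
# Note: StreamDriverAuthMode="anon" encrypts the connection but does not verify the collector's certificate
action(type="omfwd" protocol="tcp" target="<S60_COLLECTOR_IP_ADDRESS>" port="6514"
       StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")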
Ensure you replace <S60_COLLECTOR_IP_ADDRESS> with the actual IP address of your Secure60 collector. Also enable TLS validation with signed certificates as needed.
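The TLS validation mentioned above, as an added example that is not taken from the Secure60 documentation: the same forwarding action with the collector's certificate verified instead of StreamDriverAuthMode="anon". The CA file path and the expected certificate name are placeholders, and the example assumes the collector presents a certificate signed by that CA.

```conf
# Added example: validated TLS forwarding. Use it in place of the global()
# block and the "anon" action shown above, and drop the plain TCP/UDP lines.
# <CA_CERT_PATH> and <S60_COLLECTOR_CERT_NAME> are placeholders (assumptions),
# not values from the Secure60 documentation.

global(
    # CA that signed the collector's certificate; used to verify the server
    DefaultNetstreamDriverCAFile="<CA_CERT_PATH>"
    # Client certificate and private key, same paths as in the original config
    DefaultNetstreamDriverCertFile="/etc/ssl/certs/example_cert.crt"
    DefaultNetstreamDriverKeyFile="/etc/ssl/private/example_key.pem"
)

# Weak setting from the page, for comparison (peer identity is not checked):
#   StreamDriverAuthMode="anon"

action(
    type="omfwd"
    protocol="tcp"
    target="<S60_COLLECTOR_IP_ADDRESS>"
    port="6514"
    StreamDriver="gtls"
    StreamDriverMode="1"                # 1 = TLS-only
    StreamDriverAuthMode="x509/name"    # verify certificate chain and name
    # Name expected in the collector's certificate (subjectAltName or CN)
    StreamDriverPermittedPeers="<S60_COLLECTOR_CERT_NAME>"
)
```

Running rsyslogd -N1 checks the configuration for syntax errors before the service is restarted.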
To restart the Syslog service, execute the following command:
systemctl restart rsyslog
To check the status of Syslog, use the command:
systemctl status rsyslog
journalctl -u rsyslog
To enable Syslog integration in the S60-collector, modify the .env file as follows:
ENABLE_SYSLOG=true
ENABLE_LINUX_SYSLOG=true
Logs can be viewed in the Secure60 portal.