Forwarding logs via Rsyslog

Rsyslog is a high-performance, open-source log processing engine for Linux that collects, filters, transforms, and routes event data from diverse sources (files, journald, network) to various destinations.

Realm Security integrates with rsyslog, enabling you to forward syslog messages from Linux/Unix hosts or any other source to a Realm Collector.

Data flow:

Source --> Rsyslog --> Realm collector --> Realm Data Fabric

Rsyslog Forwarding rule

Note: When forwarding data to the Realm Data Fabric, make sure it is sent in IETF/RFC 5424 format, i.e. with the RSYSLOG_SyslogProtocol23Format template. Rsyslog's default forwarding template is the older BSD/RFC 3164 format, so the template must be set explicitly.

Add the following action to your rsyslog configuration, replacing {collector_ip} with the address of your Realm Collector:

action(type="omfwd" target="{collector_ip}" port="1518" protocol="tcp" template="RSYSLOG_SyslogProtocol23Format" TCP_Framing="octet-counted")

Available built-in templates are:

  • RSYSLOG_TraditionalFileFormat: BSD/RFC 3164 syslog format (used for local log files)
  • RSYSLOG_TraditionalForwardFormat: BSD/RFC 3164 syslog format; the default when forwarding
  • RSYSLOG_SyslogProtocol23Format: IETF/RFC 5424 syslog format (required by the Realm Collector)
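To see what the action above actually puts on the wire, the following added example (not code from rsyslog or Realm Security) renders a message in the layout of the RSYSLOG_SyslogProtocol23Format template (RFC 5424: `<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG`) and applies the octet-counted TCP framing that TCP_Framing="octet-counted" selects. It goes slightly beyond the page by including a collector-side decoder for the framing and by showing why octet counting matters: a message containing a newline (a stack trace, for example) stays a single event, whereas newline-delimited "traditional" framing would split it. The hostnames, application names, timestamp and message text are constructed sample values.

```python
"""Render RFC 5424 messages and octet-counted TCP frames the way an rsyslog
omfwd action with template="RSYSLOG_SyslogProtocol23Format" and
TCP_Framing="octet-counted" sends them. Illustrative example only; it is not
rsyslog's or Realm Security's code. All sample values are constructed."""
from datetime import datetime, timezone

NILVALUE = "-"  # RFC 5424 placeholder for a field that is absent

# Constructed, fixed timestamp so the output is deterministic.
SAMPLE_TS = datetime(2024, 5, 1, 12, 0, 0, 123456, tzinfo=timezone.utc)


def rfc5424_message(facility, severity, timestamp, hostname, app_name,
                    procid=None, msgid=None, msg=""):
    """Render one RFC 5424 message in the field order of the
    RSYSLOG_SyslogProtocol23Format template (structured data left as nil)."""
    pri = facility * 8 + severity  # PRI = facility * 8 + severity (RFC 5424)
    header = " ".join([
        f"<{pri}>1",                                    # PRI and VERSION
        timestamp.isoformat(timespec="microseconds"),   # RFC 3339 timestamp
        hostname or NILVALUE,
        app_name or NILVALUE,
        str(procid) if procid is not None else NILVALUE,
        msgid or NILVALUE,
        NILVALUE,                                       # STRUCTURED-DATA: none
    ])
    return f"{header} {msg}" if msg else header


def frame_octet_counted(message):
    """Octet-counted framing (RFC 6587 section 3.4.1): the message's length
    in bytes, one space, then the message. Newlines inside the message are
    harmless because the receiver reads exactly the announced byte count."""
    payload = message.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def frame_traditional(message):
    """Newline-delimited framing: the receiver ends a message at each LF,
    so an embedded newline splits one event into several."""
    return message.encode("utf-8") + b"\n"


def split_octet_counted(stream):
    """Collector-side decoder: walk the byte stream, read each length prefix
    and slice out exactly that many octets. Raises on a truncated frame."""
    messages = []
    pos = 0
    while pos < len(stream):
        space = stream.index(b" ", pos)
        length = int(stream[pos:space])
        start, end = space + 1, space + 1 + length
        if end > len(stream):
            raise ValueError("truncated frame at offset %d" % pos)
        messages.append(stream[start:end])
        pos = end
    return messages


def demo():
    """Frame a single-line event and a multi-line event both ways and return
    how many events each framing yields on the receiving side."""
    login = rfc5424_message(4, 6, SAMPLE_TS, "web-01", "sshd", 1234, None,
                            "Accepted publickey for deploy from 192.0.2.10")
    trace = rfc5424_message(1, 3, SAMPLE_TS, "web-01", "app", 4321, None,
                            "unhandled error\n  at handler()\n  at main()")
    counted = frame_octet_counted(login) + frame_octet_counted(trace)
    traditional = frame_traditional(login) + frame_traditional(trace)
    counted_events = len(split_octet_counted(counted))
    traditional_events = len(traditional.rstrip(b"\n").split(b"\n"))
    return counted_events, traditional_events  # (2, 4)


if __name__ == "__main__":
    print("octet-counted events: %d, traditional events: %d" % demo())
```

The decoder is the check a practitioner wants when a collector reports malformed or partial messages: feed it a capture of the TCP stream and it will either return the exact event boundaries or raise on the first truncated frame.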