Preparing Your Syslog Server for SOTI MobiControl
Important: These procedures are performed on third-party tools and are therefore subject to change without notice. Always refer to the relevant software documentation for the latest information.
If Using a Kiwi Syslog Server
Follow the instructions in the Kiwi documentation for Configuring a UDP or TCP input option to configure a Kiwi Syslog server for use with SOTI MobiControl, .
If Using a Splunk Syslog Server
To configure a Splunk Syslog server for use with SOTI MobiControl, follow the instructions in the Splunk documentation for Adding a network input.
Note: In environments with multiple Management Servers (MS) and/or Deployment Servers (DS), the Splunk server must allow the selected traffic type (UDP or TCP) to and from all MS and DS.
If Using RSyslog
Important: For Linux computers only.
- Install Rsyslog on your computer. Rsyslog may already be installed on your computer. To check, run the following command in the Linux console:
less /etc/rsyslog.conf
- Run the following command in the Linux console:
sudo vim /etc/rsyslog.conf
Note: You can edit the syslog configuration file using any text editor. - To enable TCP, locate the following lines and uncomment them.
# provides UDP syslog reception module(load="imudp") input(type="imdudp" port="514")
- To enable UDP, locate the following lines and uncomment them.
# provides TCP syslog reception module(load="imtcp") input(type="imtcp" port="601")
- Restart Rsyslog to apply the settings by entering the following command:
sudo systemctl restart rsyslog
- To view logs, issue a tail command as follows:
tail -f /var/log/syslog
Sample Rsyslog Configuration File
$ModLoad imuxsock # local messages
$ModLoad imtcp # TCP listener
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514