Linux Server - Integration Guide

This guide will show you how to integrate a Linux server into the Secure60 platform.

Overview

This guide explains how to monitor Linux instances by configuring Syslog. As always, if you have any additional questions, don’t hesitate to contact Secure60 Support.

Install Syslog

  1. (Prerequisite) Install the Secure60 Collector
  2. (Optional) Install rsyslog on Linux. Most Linux instances come preconfigured with syslog installed. Adding TLS support normally requires an additional package. If needed, install manually:
#Check if already exists:
systemctl status rsyslog

#Ubuntu
sudo apt install rsyslog
#RHEL / Rocky
sudo dnf install rsyslog

Then, if needed, add TLS support:

#RHEL / Rocky:
sudo dnf install rsyslog-gnutls
  3. Create a new file at /etc/rsyslog.d/10-tls-forward.conf (for example, with nano /etc/rsyslog.d/10-tls-forward.conf) with the following content:
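# Each active *.* line below sends its own copy of every message,
# so keep only the forwarding option you need.

# without ssl, default syslog port using TCP
*.* @@<S60_COLLECTOR_IP_ADDRESS>:514

# without ssl, default syslog port using UDP
*.* @<S60_COLLECTOR_IP_ADDRESS>:514

# TLS settings for self-signed certs
# (anon: traffic is encrypted, but the collector's certificate is not validated)
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon

# Forward all logs via TLS
*.* @@<S60_COLLECTOR_IP_ADDRESS>:6514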

Ensure you replace <S60_COLLECTOR_IP_ADDRESS> with the actual IP address of your Secure60 collector. Also enable TLS validation with signed certificates as needed.

To restart the Syslog service, execute the following command:

systemctl restart rsyslog

To check the status of Syslog, use the commands:

systemctl status rsyslog
journalctl -u rsyslog
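
For the TLS validation with signed certificates mentioned above, the following is an added example and not part of the original Secure60 guide. It is a variant of 10-tls-forward.conf in which rsyslog verifies the collector's certificate instead of using anon. It assumes the collector presents a certificate signed by a CA whose certificate you have copied to the server; <PATH_TO_CA_CERT> and <S60_COLLECTOR_CERT_NAME> are placeholders introduced for this example.

```conf
# /etc/rsyslog.d/10-tls-forward.conf, authenticated TLS variant (added example)
# Placeholders in <...> are assumptions; replace them with your own values:
#   <PATH_TO_CA_CERT>          CA certificate (PEM) that signed the collector's certificate
#   <S60_COLLECTOR_CERT_NAME>  name contained in the collector's certificate

# Use the GnuTLS network stream driver (from the rsyslog-gnutls package)
$DefaultNetstreamDriver gtls

# CA used to verify the certificate the collector presents
$DefaultNetstreamDriverCAFile <PATH_TO_CA_CERT>

# Mode 1: TLS is required for this forwarding action
$ActionSendStreamDriverMode 1

# x509/name replaces anon: the collector's certificate must chain to the CA
# above and carry a permitted name, otherwise the connection is refused
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer <S60_COLLECTOR_CERT_NAME>

# Single forwarding rule: all logs over TLS on port 6514
*.* @@<S60_COLLECTOR_IP_ADDRESS>:6514
```

Running rsyslogd -N1 checks the configuration for syntax errors before you restart the service.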

Integrate with Secure60 Collector

To enable Syslog integration in the S60-collector, modify the .env file as follows:

ENABLE_SYSLOG=true
ENABLE_LINUX_SYSLOG=true

Logs can be viewed in the Secure60 portal.
