Preparing Your Syslog Server for SOTI MobiControl

If Using a Kiwi Syslog Server

Follow the instructions in the Kiwi documentation for Configuring a UDP or TCP input option to configure a Kiwi Syslog server for use with SOTI MobiControl, .

If Using a Splunk Syslog Server

To configure a Splunk Syslog server for use with SOTI MobiControl, follow the instructions in the Splunk documentation for Adding a network input.

If Using RSyslog

1. Install Rsyslog on your computer. Rsyslog may already be installed on your computer. To check, run the following command in the Linux console: less /etc/rsyslog.conf
2. Run the following command in the Linux console: sudo vim /etc/rsyslog.conf
   Note: You can edit the syslog configuration file using any text editor.
3. To enable TCP, locate the following lines and uncomment them.

   
   # provides UDP syslog reception
   module(load="imudp")
   input(type="imdudp" port="514")
   

4. To enable UDP, locate the following lines and uncomment them.

   
   # provides TCP syslog reception
   module(load="imtcp")
   input(type="imtcp" port="601")
   

5. Restart Rsyslog to apply the settings by entering the following command: sudo systemctl restart rsyslog
6. To view logs, issue a tail command as follows: tail -f /var/log/syslog

Sample Rsyslog Configuration File

$ModLoad imuxsock # local messages
$ModLoad imtcp # TCP listener

# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem

$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514