Sending Json formatted logs through rsyslog

kkrrss · 08-22-2018, 01:57 PM

Hello There,

Since I'm troubling with sending my Json formatted logs to my SIEM server through rsyslog. since I'm very new to use rsyslog and still don't understand how to deal with it.

Here is my requirements.

01. I have a script that I get the event logs through API query from remote server (Jumpcloud) and write into a file (file name jumpcloud.log) which output is Json format.

02. I want rsyslog to read the content from jumpcloud.log frequently and send it to my SIEM server.

Can anyone help me to do this for me? appreciate if you can guide me as I'm struggling with this for few weeks now.

Thank You

unSpawn · 08-25-2018, 06:59 AM

Quote:

Originally Posted by kkrrss

since I'm very new to use rsyslog and still don't understand how to deal with it. (..) I'm struggling with this for few weeks now.

What you want Rsyslogd to do isn't special in any way: check 'man rsyslog.conf' the "Modules" section for the "imfile" module for reading log files and the "Remote machine" section on how to send log lines elsewhere. Also post what you've tried already and your suggested edits. That way we can gauge what kind of help you need: much more efficient for all.