Send logs to Syslog server

[brianhillnovus]

It would be awesome if we could have the logs from Zoraxy sent to a syslog server, like "rsyslog" or Graylog.

[tobychui]

I didn't use any of them. Can you quickly brief me through how I suppose to "send" them the logs (RESTFUL API I guess?) and what parameters are needed? (like token? credentials?)

[brianhillnovus]

"Syslog" is a standard TCP or UDP message format. Syslog servers typically listen on TCP or UDP port 514 (depending on configuration).

Here's documentation on the Rsyslog server which is pre-installed on almost every linux system and is industry standard for receiving and storing log messages: https://www.rsyslog.com/doc/index.html

With regards to Graylog, it's just a fancy tool for receiving syslog messages and storing them in an easily searchable database. It accepts standard syslog formatted messages.

Most services that support Syslog allow you to specify 3 criteria. 1) Syslog server IP/domain name. 2) TCP or UDP protocol. 3) Port that the Syslog server is listening on (default is 514). With those three bits of information logs can be sent from any service / application to the Syslog server.

How the logs are transmitted is dependent on the service / application itself. Here's an example of how NGINX is able to send logs to a syslog server: https://nginx.org/en/docs/syslog.html

I am not an expert at how the backend operation is configured but the premise of it is that output logs from the application can be piped to the syslog server. Right now I'm guessing you're just writing logs locally. Part of that same pipeline could have functionality added to also pipe the logs to a syslog server.