I have a central log server, my Graylog server I wrote about earlier. I have no idea how to correctly use Graylog yet. But I do know I need some data, so I went through all my Debian servers and configured them all to send logs to my Graylog server using rsyslog.
This is a very straightforward task to do; it just needs a few lines in one config file.
I created the config file /etc/rsyslog.d/graylog.conf and added lines for what to log remotely.
# /etc/rsyslog.d/graylog.conf
# A single @ forwards over UDP; @@ would forward over TCP.
auth,authpriv.* @srv-graylog.home.lan:514
daemon.warn @srv-graylog.home.lan:514
kern.warn @srv-graylog.home.lan:514
lpr.* @srv-graylog.home.lan:514
mail.* @srv-graylog.home.lan:514
user.* @srv-graylog.home.lan:514
I added multiple lines so I can comment out lines or change the level of detail I want in my Graylog. I don't want too much spam; Docker did spam a lot when I had daemon.*, so I changed that one to daemon.warn.
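To see what the selectors above actually let through, here is a small evaluator added as an example (not part of the original post or of rsyslog itself). It handles only the basic `facility[,facility].priority` form used in this config, and the sample messages at the bottom are constructed.

```python
# Added example: evaluates the selectors from the post's graylog.conf.
# Only "facility[,facility].priority" is handled (no =, !, ; or "none").

# Severity names in syslog order: lower index = more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Selector lines copied from /etc/rsyslog.d/graylog.conf in the post
CONFIG = """\
auth,authpriv.* @srv-graylog.home.lan:514
daemon.warn @srv-graylog.home.lan:514
kern.warn @srv-graylog.home.lan:514
lpr.* @srv-graylog.home.lan:514
mail.* @srv-graylog.home.lan:514
user.* @srv-graylog.home.lan:514
"""

def sev_index(name):
    """Map a severity name (or its legacy alias) to its numeric level."""
    return SEVERITIES.index(ALIASES.get(name, name))

def parse_rules(text):
    """Return a list of (facilities, least_severe_level_forwarded) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, _action = line.split(None, 1)
        facilities, priority = selector.rsplit(".", 1)
        # "*" matches every severity; a name matches it and anything more severe
        limit = len(SEVERITIES) - 1 if priority == "*" else sev_index(priority)
        rules.append((set(facilities.split(",")), limit))
    return rules

def is_forwarded(rules, facility, severity):
    """True if a message with this facility/severity matches any rule."""
    sev = sev_index(severity)
    return any(facility in facs and sev <= limit for facs, limit in rules)

RULES = parse_rules(CONFIG)

if __name__ == "__main__":
    # Constructed sample messages
    for fac, sev in [("daemon", "info"), ("daemon", "err"), ("authpriv", "info"),
                     ("cron", "err"), ("kern", "notice")]:
        verdict = "forwarded" if is_forwarded(RULES, fac, sev) else "not forwarded"
        print(f"{fac}.{sev:<8} -> {verdict}")
```

Facilities that have no line in the file, such as cron, never reach Graylog with this config, which is worth knowing before relying on it for anything beyond the listed ones.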