I have a central logsever, my Graylog server I wrote about earlier. I have no idea how to correctly use Graylog yet. But I do know I need some data, so I went through all my Debian servers and configured them all to send logs to my greylog server using rsyslog.
This is very straight forward task to do, just need a few lines in one config file.
I created the config file
/etc/rsyslog.d/graylog.conf and added lines for what to log remotely.
# /etc/rsyslog.d/graylog.conf auth,authpriv.* @srv-graylog.home.lan:514 daemon.warn @srv-graylog.home.lan:514 kern.warn @srv-graylog.home.lan:514 lpr.* @srv-graylog.home.lan:514 mail.* @srv-graylog.home.lan:514 user.* @srv-graylog.home.lan:514
I added a multiple lines so I can comment out lines or change the level of detail I want in my graylog. I don't want to much spam, docker did spam a lot when I had
daemon.* so I changed that one to