# Collect Logs with Rsyslog

### Install Rsyslog

1. **For Debian/Ubuntu:**

   ```
   sudo apt update
   sudo apt install rsyslog
   ```
2. **For RHEL/CentOS:**

   ```
   sudo yum install rsyslog
   sudo systemctl enable rsyslog
   sudo systemctl start rsyslog
   ```

Verify that rsyslog is running:

```
sudo systemctl status rsyslog
```

### Configure forwarding

Edit the rsyslog configuration file (usually /etc/rsyslog.conf or /etc/rsyslog.d/\*.conf).

1. Open the configuration file:

   ```
   sudo nano /etc/rsyslog.conf
   ```
2. Enable TCP forwarding by adding \*.\* @@remote-server-ip:514 to the config:

   ```
   # /etc/rsyslog.conf configuration file for rsyslog
   #
   # For more information install rsyslog-doc and see
   # /usr/share/doc/rsyslog-doc/html/configuration/index.html
   #
   # Default logging rules can be found in /etc/rsyslog.d/50-default.conf


   #################
   #### MODULES ####
   #################

   *.* @@<YOUR-ASCENT-ENV>:514
   ```
3. Save your changes and restart rsyslog

   ```
   sudo systemctl restart rsyslog
   ```

### Verify ingestion in Ascent

On your server, use **logger** to log a custom message which you can track easily in order to verify ingestion has been successful.

1. Use the logger command to trigger a custom log entry:

   ```
   logger "This is a test message from $(hostname)"
   ```

   *It might take a slight moment for this entry to appear in the Ascent product suite, so if it doesn’t show up immediately, give it a moment and check again.*
2. In your Ascent platform, navigate to **Explore > Logs & Insights**
3. In the filter view, search for namespace **default\_namespace**. Then look for your username which generated the custom log entry, and click on it.
4. This view should only display the custom log entry generated earlier


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apica.io/getting-started/ascent/getting-started-with-logs/collect-logs-with-rsyslog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.