Prerequisites
Before sending logs remotely, make sure you have:
- A remote log server (see Article 81)
- Root or sudo privileges
Method 1: Forward All Logs via Rsyslog
Connect to your VPS:
ssh hxroot@YOUR_SERVER_IP -p 22sudo nano /etc/rsyslog.confAdd at the end:
*.* @REMOTE_LOG_SERVER:514Restart rsyslog:
sudo systemctl restart rsyslogMethod 2: Forward Only Specific Logs
Create custom rules:
sudo nano /etc/rsyslog.d/50-remote.conf# Forward auth logs only
auth.* @REMOTE_LOG_SERVER:514
# Forward nginx access logs
if $programname == 'nginx' then @REMOTE_LOG_SERVER:514Method 3: Use Logstash/Filebeat (For Elastic Stack)
Install Filebeat:
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.11.0-amd64.deb
sudo dpkg -i filebeat-8.11.0-amd64.debConfigure filebeat.yml to send to Logstash or Elasticsearch.
Method 4: Send Logs with netcat (Simple)
Send a single log line:
echo "Test log" | nc -u REMOTE_LOG_SERVER 514Verify Logs Are Being Sent
On remote server, watch for incoming logs:
sudo tcpdump -i eth0 port 514✅ Log forwarding configured. Your logs are now sent to the remote server.