# Logging with Rsyslog

**Scenario:** You want to deliver your logs via TCP/syslog to a logging server that runs Rsyslog. You can do this through your Gateway/Relay server with a little setup.

{% hint style="info" %}
As with all Gateway/Relay logs, the logs stored on the Gateway/Relay will not include Admin UI activities, which can be accessed via the `sdm audit activities` command.
{% endhint %}

1. On the logging server (i.e., the target/destination to which the logs will be written), edit the `/etc/rsyslog.conf` file and add the following lines:

   ```bash
   # Provides TCP syslog reception

   $ModLoad imtcp
   $InputTCPServerRun 514
   # You can optionally use $InputTCPMaxSessions to specify a maximum number of connections
   # $InputTCPMaxSessions 500

   # Writes logs to a separate file per hostname and program name, which makes the sdm logs easier to find and parse.
   $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
   *.* ?RemoteLogs
   ```
2. On the logging client (the Gateway/Relay server), edit `/etc/rsyslog.d/loghost.conf` and add the IP address of the logging server (the target server, not the Gateway/Relay) along with the port it is listening on:

   ```bash
   *.* @@192.168.1.150:514
   ```
3. On the [Admin UI > Settings > Security](https://app.strongdm.com/app/settings/security) page, select the **Log Encryption & Storage** tab, select **Log locally on relays**, and then under **Local storage** select **syslog**. Add the IP address of the logging server along with the port it is listening on:

   ```bash
   192.168.1.150:514
   ```

Now you have configured StrongDM to send logs to your Gateway/Relay server and then deliver them to another target service.
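
A quick check for step 2, as an added example that is not part of the StrongDM documentation: the functions below list the legacy-syntax forwarding rules in an rsyslog config file and confirm that the expected target is reached over TCP (`@@`) rather than UDP (`@`). The function names and the `sdmtest` tag are assumptions, and only plain `host:port` targets are handled.

```bash
#!/usr/bin/env bash
# Added example (not StrongDM code). Function names and the "sdmtest" tag are assumptions.
# Legacy rsyslog forwarding: "selector @host:port" is UDP, "selector @@host:port" is TCP.

# Print "transport host port" for every forwarding rule in the given config file.
# Only plain host:port targets are handled (no "(options)" prefix, no IPv6 brackets).
list_forward_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        $2 ~ /^@/ {
            target = $2
            transport = (target ~ /^@@/) ? "tcp" : "udp"
            gsub(/^@+/, "", target)                  # strip the @ or @@ marker
            n = split(target, hp, ":")
            port = (n > 1) ? hp[2] : 514             # rsyslog forwards to port 514 by default
            print transport, hp[1], port
        }' "$1"
}

# Succeed only if the file forwards to host:port over TCP.
forwards_over_tcp() {
    list_forward_rules "$1" | grep -qxF "tcp $2 $3"
}

# Log one line through the local rsyslog so the *.* rule forwards it. With the RemoteLogs
# template from step 1 it should land in /var/log/<this host's name>/sdmtest.log on the
# logging server.
send_test_message() {
    logger -t sdmtest "rsyslog forwarding test $(date -u +%FT%TZ)"
}

# Typical use on the Gateway/Relay:
#   forwards_over_tcp /etc/rsyslog.d/loghost.conf 192.168.1.150 514 && send_test_message
```

After editing either configuration file, `rsyslogd -N1` validates the syntax before you restart the service.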

