# Logging with Rsyslog

**Scenario:** You want to deliver your logs via TCP/syslog to a logging service on a server with Rsyslog. You can do this through your Gateway/Relay server with a little setup.

{% hint style="info" %}
As with all Gateway/Relay logs, the logs stored on the Gateway/Relay will not include Admin UI activities, which can be accessed via the `sdm audit activities` command.
{% endhint %}

1. On the logging server (i.e., the target/destination to which the logs will be written), edit the `/etc/rsyslog.conf` file and add the following lines:

   ```bash
   #Provides TCP syslog reception

   $ModLoad imtcp
   $InputTCPServerRun 514
   # You can optionally use $InputTCPMaxSessions to specify a maximum amount of connections
   # $InputTCPMaxSessions 500

   # Sets up logging so that the hostname and program name are visible in order to better parse logs for sdm.
   $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
   *.* ?RemoteLogs
   ```
2. On the logging client (the Gateway/Relay server), edit `/etc/rsyslog.d/loghost.conf` and add the IP address of the logging server (the target server, not the Gateway/Relay) along with the port it is listening on:

   ```bash
   *.* @@192.168.1.150:514
   ```
3. On the [Admin UI > Settings > Security](https://app.strongdm.com/app/settings/security) page, select the **Log Encryption & Storage** tab, select **Log locally on relays**, and then under **Local storage** select **syslog**. Add the IP address of the logging server along with the port it is listening on:

   ```bash
   192.168.1.150:514
   ```

Now you have configured StrongDM to send logs to your Gateway/Relay server and then deliver them to another target service.