Skyhigh Security

Configure Syslog to Collect Arbitrary Log Files

To configure rsyslog within SWG, refer to the following example. In this example, rsyslog is configured to monitor the customer_maintained_lists.log file located at /opt/mwg/log/update/customer_maintained_lists.log. You can obtain this path from the CLI before proceeding with the configuration.

Configure rsyslog 

To configure rsyslog: 

  1. Go to Configuration > File Editor > rsyslog.conf from the SWG UI. 
  2. Add the following lines to the rsyslog configuration file (legacy format).
    # Load imfile module
    $ModLoad imfile
    
    # Monitor SWG log
    $InputFileName /opt/mwg/log/update/customer_maintained_lists.log
    $InputFileTag custom_log:
    $InputFileFacility local0
    $InputFileStateFile custom_log.state
    $InputRunFileMonitor
    
    # Forward MWG logs to remote server
    local0.* @@[192.168.168.168]:514
    

Explanation of Directives 

  • $ModLoad imfile: Loads the imfile module, which enables rsyslog to monitor and read log files.
  • $InputFileStateFile: Maintains a state file to track which log entries have already been processed, preventing duplicate entries from being sent.
  • local0.* @@[192.168.168.168]:514: Forwards all SWG log messages with the local0 facility to a remote syslog server over TCP (indicated by @@) at the IPv4 address [192.168.168.168] on port 514.

Output on the syslog server


root@client-ubuntu64:/var/log/remote/mwgappl22692659# cat custom_log.log
Oct 24 18:39:24 mwgappl22692659 custom_log: [2025-10-24 18:39:18.950 +00:00] Updated local subscribed list: test (com.scur.type.category.264)
Oct 24 18:42:54 mwgappl22692659 custom_log: [2025-10-24 18:42:48.957 +00:00] Updated local subscribed list: test (com.scur.type.category.264)

Similarly, any application log file can be configured to be forwarded to the syslog server. 
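
On the receiving server, the forwarded lines can be parsed into structured records. The following is an added example, not part of the original article or Skyhigh's tooling: the names `parse_line` and `parse_log` are hypothetical, and it assumes the syslog header timestamp is in UTC and in the same year as the bracketed event timestamp. It extracts the list name and ID and measures the delay between the event and its relay.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the two forwarded lines shown in the output above.
SAMPLE = """\
Oct 24 18:39:24 mwgappl22692659 custom_log: [2025-10-24 18:39:18.950 +00:00] Updated local subscribed list: test (com.scur.type.category.264)
Oct 24 18:42:54 mwgappl22692659 custom_log: [2025-10-24 18:42:48.957 +00:00] Updated local subscribed list: test (com.scur.type.category.264)
"""

# Syslog header (timestamp, host, tag) followed by the appliance's own
# bracketed timestamp and the message text.
LINE_RE = re.compile(
    r"^(?P<relay_ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): "
    r"\[(?P<event_ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} [+-]\d\d:\d\d)\] "
    r"(?P<message>.*)$"
)
UPDATE_RE = re.compile(
    r"^Updated local subscribed list: (?P<name>.+) \((?P<list_id>[^()]+)\)$")


def parse_line(line, tag="custom_log"):
    """Return a dict for one forwarded line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m["tag"] != tag:
        return None  # malformed line, or a different $InputFileTag
    event = datetime.strptime(m["event_ts"], "%Y-%m-%d %H:%M:%S.%f %z")
    # Assumption: the header carries no year or zone, so borrow the event's
    # year and treat the header time as UTC.
    relay = datetime.strptime(f"{event.year} {m['relay_ts']}", "%Y %b %d %H:%M:%S")
    relay = relay.replace(tzinfo=timezone.utc)
    rec = {"host": m["host"], "event_time": event, "message": m["message"],
           "lag_seconds": (relay - event.astimezone(timezone.utc)).total_seconds()}
    u = UPDATE_RE.match(m["message"])
    if u:
        rec.update(list_name=u["name"], list_id=u["list_id"])
    return rec


def parse_log(text):
    """Parse every matching line in a block of forwarded log text."""
    return [r for r in map(parse_line, text.splitlines()) if r]


if __name__ == "__main__":
    for r in parse_log(SAMPLE):
        print(r["event_time"].isoformat(), r["host"], r.get("list_name"),
              r.get("list_id"), f"lag={r['lag_seconds']:.3f}s")
```

The bracketed timestamp is the one to use as the event time, because it carries the year, milliseconds and UTC offset that the syslog header lacks.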
