Configuring a Syslog server to send Nextcloud events

To configure the sending of events from the server where Nextcloud is installed to the collector:

1. In the /etc/rsyslog.d/ directory, create a Nextcloud-to-siem.conf file with the following content:

   If $programname contains 'Nextcloud' then @<IP address of the collector>:<port of the collector>

   Example: If $programname contains 'Nextcloud' then @192.168.1.5:1514

   If you want to send events via TCP, the contents of the file must be as follows:

   If $programname contains 'Nextcloud' then @<IP address of the collector>:<port of the collector>

2. Save changes to the Nextcloud-to-siem.conf configuration file.
3. Create a backup copy of the /etc/rsyslog.conf file.
4. Add the following lines to the /etc/rsyslog.conf configuration file:

   $IncludeConfig /etc/Nextcloud-to-siem.conf

   $RepeatedMsgReduction off

5. Save your changes.
6. Restart the rsyslog service by executing the following command:

   sudo systemctl restart rsyslog.service

The export of Nextcloud events to the collector is configured.

Page top