There are a number of syslog tools to choose from on Linux. Rsyslog has been the default syslog tool in Ubuntu since 9.10 (Karmic) and comes installed by default, so I will be using it. Rsyslog supports both TCP and UDP logging.
To set up rsyslog to capture alerts from a remote source:
Run sudo nano /etc/rsyslog.conf and simply uncomment the lines for the protocol you prefer.
# provides UDP syslog reception
# provides TCP syslog reception
# $ModLoad imtcp
# $InputTCPServerRun 514
You can also use the $AllowedSender directive if you want to set up ACLs.
You will then need to specify which alerts you would like to listen for:
sudo nano /etc/rsyslog.d/50-default.conf
Add the following line to capture notification alerts including all levels <0-5>
Run sudo /etc/init.d/rsyslog restart to restart the syslog service and apply the changes.
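To confirm which listeners ended up enabled and whether a $AllowedSender ACL covers each of them, the following added example (not part of the original post) audits a legacy-format rsyslog.conf. The function names, the sample config and its addresses are constructed for illustration; $UDPServerRun is assumed as the UDP counterpart of the $InputTCPServerRun line shown above.

```shell
#!/bin/sh
# Added example: list enabled syslog listeners in a legacy-format rsyslog
# config and report whether a $AllowedSender ACL exists for each protocol.

# audit_rsyslog FILE   ("-" reads stdin; default is /etc/rsyslog.conf)
# Prints one line per enabled listener: "<PROTO> <port> acl=<yes|no>"
audit_rsyslog() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out directives
        $1 == "$UDPServerRun"      { port["UDP"] = $2 }
        $1 == "$InputTCPServerRun" { port["TCP"] = $2 }
        $1 == "$AllowedSender" {                 # form: $AllowedSender TCP, ip/bits, ...
            proto = toupper($2)
            sub(/,$/, "", proto)                 # drop the comma after the protocol
            acl[proto] = 1
        }
        END {
            for (p in port)
                printf "%s %s acl=%s\n", p, port[p], ((p in acl) ? "yes" : "no")
        }
    ' "${1:-/etc/rsyslog.conf}" | sort
}

# Constructed sample config (not from the original page): both listeners are
# enabled, but only TCP has an ACL. Addresses are loopback and a TEST-NET range.
sample_conf() {
    cat <<'EOF'
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24
EOF
}

# Demo run on the constructed sample.
sample_conf | audit_rsyslog -
```

A listener reported with acl=no accepts messages from any host that can reach the port, so either add a matching $AllowedSender line or restrict the port at the firewall.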
sudo nano /etc/logrotate.conf
create 0640 syslog adm
Add to cron
sudo nano /etc/crontab
00 00 * * * root /usr/sbin/logrotate -f /etc/logrotate.conf