Example: Monitoring Syslog events from a Humio integration

You can use Rsyslog with minimal configuration to send Syslog logs to Humio. The Rsyslog log processor is shipped with most popular Linux distributions.

Procedure

  1. Follow the recommended configuration to forward all logs to Humio. For more information, see the Humio product documentation: https://docs.humio.com/integrations/data-shippers/rsyslog/.
  2. Create a webhook notifier to send events to event management, as described in steps 1 to 11 of Configuring Humio as an event source.
  3. Create an alert with the query "syslogtag=*" to monitor the logs in the Humio repository.
    1. In the Humio UI, select Search.
    2. Enter syslogtag=* in the field provided, and click Run.
    3. Click Save as > Alert.
    4. Populate the alert fields such as Name and Frequency. For Notifier, select the notifier that was just created.
    5. Click Save.
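
The following is an added sketch of the forwarding configuration that step 1 refers to, not the configuration from the Humio documentation or from this product. It shows where the syslogtag field matched by the alert query comes from. The file name, HUMIO_HOST, INGEST_TOKEN, the uid value, and the ingest endpoint path are assumptions or placeholders to confirm against the Humio documentation linked in step 1.

```conf
# /etc/rsyslog.d/33-humio.conf  (file name is an assumption)
# This file holds an ingest token: keep it owned by root with mode 0600.

# Rsyslog output module that speaks the Elasticsearch bulk protocol.
module(load="omelasticsearch")

# JSON document built for each log line. The "syslogtag" field emitted here
# is the field that the alert query syslogtag=* tests for, so every event
# forwarded through this template matches the alert.
template(name="humiotemplate" type="list" option.json="on") {
  constant(value="{")
  constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
  constant(value="\",\"message\":\"") property(name="msg")
  constant(value="\",\"host\":\"")    property(name="hostname")
  constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
  constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
  constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
  constant(value="\",\"name\":\"")    property(name="programname")
  constant(value="\",\"pid\":\"")     property(name="procid")
  constant(value="\"}")
}

# Forward all facilities and severities over HTTPS.
# HUMIO_HOST and INGEST_TOKEN are placeholders. The endpoint path and the
# use of pwd for the ingest token are assumptions; uid is a constructed label.
*.* action(type="omelasticsearch"
  server="https://HUMIO_HOST:443/api/v1/ingest/elastic-bulk"
  template="humiotemplate"
  uid="rsyslog"
  pwd="INGEST_TOKEN"
  bulkmode="on"
  usehttps="on")
```

Check the syntax with rsyslogd -N1 before restarting Rsyslog. Because the rule forwards all logs, the alert query syslogtag=* fires on every forwarded event, so the Frequency set in the alert determines how often event management is notified.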