From 85539af0f7a12d318d34a8f618d98decffb630d1 Mon Sep 17 00:00:00 2001
From: Sean Roberts <seanorama@gmail.com>
Date: Thu, 18 Feb 2016 16:18:15 +0000
Subject: [PATCH] rsyslog notes

---
 labs/lab4/README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/labs/lab4/README.md b/labs/lab4/README.md
index f495b12..f2792d6 100644
--- a/labs/lab4/README.md
+++ b/labs/lab4/README.md
@@ -20,7 +20,10 @@ Let's also look at the syslog listener
 1. Create a ListenSyslog processor.
   1. Note the batching options here.
   1. NiFi is running as a non-privileged user, so you will not be able to use the default port (514) try 1514 instead, and point syslog to this instead.
-1. Push this to a PutFile.
+1. Push this to a PutFile
+  1. Warning: By default, each new log record (row) will write to a new file
+1. (optional) Update & restart rsyslog to forward all logs to NiFi
+  1. `echo '*.* @localhost:1514' | sudo tee -a /etc/rsyslog.conf ; sudo service rsyslog restart`
 
 A common pattern is the List, Fetch patter.