---
id: linux-os-syslog
title: Ingest Linux OS Syslog Data into Cloud SIEM
sidebar_label: Linux OS Syslog
description: Configure a syslog source to ingest Linux OS log messages to be parsed by Cloud SIEM’s system parser for Linux OS Syslog.
slug: /help/docs/cse/ingestion/ingestion-sources-for-cloud-siem/linux-os-syslog/
canonical: https://www.sumologic.com/help/docs/cse/ingestion/ingestion-sources-for-cloud-siem/linux-os-syslog/
---
import useBaseUrl from '@docusaurus/useBaseUrl';
To ingest Linux OS data into Cloud SIEM:
1. [Configure a Syslog source](/docs/send-data/installed-collectors/sources/syslog-source/#configure-a-syslog-source) on a collector. When you configure the source, do the following:
1. Click the **+Add Field** link, and add a field whose name is `_siemForward` and value is *true*. This will ensure all logs for this source are forwarded to Cloud SIEM.
1. Add another field named `_parser` with value */Parsers/System/Linux/Linux OS Syslog*. This ensures that the Linux OS logs are parsed and normalized into structured records in Cloud SIEM.
1. Configure forwarding for the Linux OS to the syslog source. See [Configure forwarding to a Syslog Source](/docs/send-data/installed-collectors/sources/syslog-source/#configure-forwarding-to-a-syslogsource).
1. To verify that your logs are successfully making it into Cloud SIEM:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Cloud SIEM**, and then under **Cloud SIEM Integrations** select **Log Mappings**. You can also click the **Go To...** menu at the top of the screen and select **Log Mappings**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top Cloud SIEM menu select **Configuration**, and then under **Incoming Data** select **Log Mappings**.
1. On the **Log Mappings** tab search for "Linux OS" and check the **Records** columns. A list of mappers for Linux OS Syslog will appear and you can see if logs are coming in.
1. For a more granular look at the incoming records, you can also search the Sumo Logic platform for Linux OS security records:
`_index=sec_record* and metadata_product = "Linux OS Syslog"`