Syslog-ng
Get set up to start collecting, centralizing, monitoring, and analyzing your syslog-ng log files. Send log data from a variety of sources including syslog, rsyslog, AWS, JavaScript, JSON, Kubernetes, Docker, and more.
You can stream RSyslog logs using TCP+TLS, TCP, and UDP, as well as through custom syslog ports. LogDNA accepts the Rsyslog default format, RFC 5424 and RFC 3164 for auto parsing.
Set Up RSyslog Log Ingestion
Follow the instructions in the LogDNA Web App to set up RSyslog log ingestion using your LogDNA syslog port and ingestion key.
- Log in to the LogDNA Web App.
- In the left-hand navigation, click the Help icon.
- Click Logging Setup.
- Under Via syslog, click rsyslog.
- Follow the instructions to set up RSyslog log ingestion.
Host tags
Host tags let you group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app.
Host tags follow the syslog RFC-defined STRUCTURED-DATA format and require configuring the template line in /etc/rsyslog.d/22-logdna.conf to include the IANA-approved LogDNA Private Enterprise Number (PEN), 48950. For example:
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\" tags=\"tag1,tag2\"] %msg%"
This will send up lines with the host tags prod and web, which would add this host to the prod and web tags.
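The following is an added example, not LogDNA's code: it builds the STRUCTURED-DATA element the template above emits, reads host tags back from the STRUCTURED-DATA field only (so a look-alike element inside the message body is ignored), and masks the ingestion key. The function names and the sample line are constructed for illustration; the escaping rules are those of RFC 5424.

```python
import re

SD_ID = "logdna@48950"            # SD-ID from the template above (name@PEN)
_NAME = r'[^= \]"]{1,32}'         # RFC 5424 SD-NAME / PARAM-NAME
_VALUE = r'(?:\\.|[^"\\\]])*'     # PARAM-VALUE; '"', '\' and ']' arrive escaped
_PARAM = re.compile(f' ({_NAME})="({_VALUE})"')
_ELEMENT = re.compile(rf'\[({_NAME})((?: {_NAME}="{_VALUE}")*)\]')

def sd_escape(value):
    """Backslash-escape the three characters RFC 5424 reserves in a PARAM-VALUE."""
    return re.sub(r'(["\\\]])', r'\\\1', value)

def build_element(key, tags):
    """Render the element the template emits; refuse tags that would split or vanish."""
    for tag in tags:
        if not tag or "," in tag:
            raise ValueError(f"invalid host tag: {tag!r}")
    return f'[{SD_ID} key="{sd_escape(key)}" tags="{sd_escape(",".join(tags))}"]'

def parse_elements(line):
    """Return {sd_id: {param: value}}, reading only the STRUCTURED-DATA field."""
    fields = line.split(" ", 6)   # PRI+VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest
    if len(fields) < 7:
        raise ValueError("not an RFC 5424 line")
    rest, pos, found = fields[6], 0, {}
    while (m := _ELEMENT.match(rest, pos)):   # stops at MSG, so text there is never trusted
        found[m.group(1)] = {n: re.sub(r'\\(["\\\]])', r'\1', v)
                             for n, v in _PARAM.findall(m.group(2))}
        pos = m.end()
    return found

def host_tags(line):
    tags = parse_elements(line).get(SD_ID, {}).get("tags", "")
    return [t for t in tags.split(",") if t]

def redact_key(line):
    """Mask the ingestion key before a forwarded line is stored or displayed."""
    return re.sub(rf'(\[{re.escape(SD_ID)} key="){_VALUE}', r'\g<1>REDACTED', line, count=1)

# Constructed sample: header values are made up; MSG carries a look-alike element.
SAMPLE = ("<134>1 2024-01-01T00:00:00Z web01 nginx 1234 - "
          + build_element("CONSTRUCTED-KEY", ["prod", "web"])
          + ' GET / [logdna@48950 tags="spoofed"]')

if __name__ == "__main__":
    print(host_tags(SAMPLE))
    print(redact_key(SAMPLE))
```

Because the ingestion key travels in every forwarded line, redact_key is intended for any local copy of the stream that is stored or shown to people who should not hold the key.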
Set keepalive in Syslog Forwarding Configuration
If possible, we highly recommend setting up a keepalive inside your syslog forwarding configuration. This helps make sure that bad connections are properly terminated and re-initiated, and increases the reliability of log delivery. You can learn about rsyslog keepalive options here.