Syslog-ng
You can stream RSyslog logs using TCP+TLS, TCP, and UDP, as well as through custom syslog ports. Mezmo accepts the Rsyslog default format, RFC 5424 and RFC 3164 for auto parsing.
In 2022, we changed the company name from LogDNA to Mezmo. However, the IANA-approved Private Enterprise Number (PEN), 48950, is still associated with the name LogDNA. We continue to use this name in our code examples for simplicity.
Set Up Syslog-ng Log Ingestion
Follow the instructions in the Mezmo Web App to set up RSyslog log ingestion using your Mezmo syslog port and ingestion key.
- Log in to the Mezmo Web App.
- In the bottom section of the left-hand navigation, click Help.
- Select Add Log Sources.
- Under Via syslog, click syslog-ng.
- Follow the instructions to set up Syslog-ng log ingestion.
Host Tags
Host tags let you group hosts automatically without having to explicitly assign a host to a group within the Mezmo web app.
Host tags follow the syslog RFC-defined STRUCTURED-DATA format and require configuring the template line in /etc/rsyslog.d/22-logdna.conf to include the IANA-approved LogDNA Private Enterprise Number (PEN), 48950. For example:
This will send up lines from with the host tags prod and web, which would add this host to the prod and web tags.
If possible, we highly recommend setting up a keepalive inside your syslog forwarding configuration. This helps make sure that bad connections are properly terminated and re-initiated, and increases the reliability of log delivery. You can learn about rsyslog keepalive options here.