Syslog-ng
Use the Mezmo integration to start collecting, centralizing, monitoring, and analyzing your syslog-ng log file
LogDNA is now Mezmo
LogDNA has recently become Mezmo. As you access technical resources like our API, Code Libraries, and GitHub repositories, you will continue to see references to LogDNA for a short time as we update our new name across all our resource channels.
You can stream RSyslog logs using TCP+TLS, TCP, and UDP, as well as through custom syslog ports. Mezmo accepts the Rsyslog default format, RFC 5424 and RFC 3164 for auto parsing.
Set Up RSyslog Log Ingestion
Follow the instructions in the Mezmo Web App to set up RSyslog log ingestion using your Mezmo syslog port and ingestion key.
- Log in to the Mezmo Web App.
- In the left-hand navigation, click the Help icon.
- Click Logging Setup.
- Under Via syslog, click rsyslog.
- Follow the instructions to set up RSyslog log ingestion.
Host tags
Host tags let you group hosts automatically without having to explicitly assign a host to a group within the Mezmo web app.
Host tags follow the syslog RFC-defined STRUCTURED-DATA format and require configuring the template line in /etc/rsyslog.d/22-logdna.conf to include the IANA-approved LogDNA Private Enterprise Number (PEN), 48950. For example:
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [[email protected] key=\"YOUR-INGESTION-KEY-HERE\" tags=\"tag1,tag2\"] %msg%"
This will send up lines from with the host tags prod and web, which would add this host to the prod and web tags.
Set keepalive in Syslog Forwarding Configuration
If possible, we highly recommend setting up a keepalive inside your syslog forwarding configuration. This helps make sure that bad connections are properly terminated and re-initiated, and increases the reliability of log delivery. You can learn about rsyslog keepalive options here.
Updated 13 days ago