For the best user experience, we recommend logging into the LogDNA web app and following the account-tailored add a log source instructions. You may also follow the more generic instructions below.
TCP+TLS (recommended)
To configure rsyslog to send logs to LogDNA via TCP secured with TLS, follow the steps below.
- Download the LogDNA Root CA Certificate to /etc/ld-root-ca.crt
- Add the contents below to /etc/rsyslog.d/22-logdna.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START LogDNA rsyslog logging directives ###
## TCP TLS only ##
$DefaultNetstreamDriverCAFile /etc/ld-root-ca.crt # trust these CAs
$ActionSendStreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS
$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
$ActionSendStreamDriverPermittedPeer *.logdna.com
## End TCP TLS only ##
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\"] %msg%"
# Send messages to LogDNA over TCP using the template.
*.* @@syslog-a.logdna.com:6514;LogDNAFormat
### END LogDNA rsyslog logging directives ###
- Install rsyslog-gnutls using your package manager
- Restart syslog:
sudo /etc/init.d/rsyslog restart
TCP
To configure rsyslog to send logs to LogDNA via TCP, follow the steps below.
- Add the contents below to /etc/rsyslog.d/22-logdna.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START LogDNA rsyslog logging directives ###
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\"] %msg%"
# Send messages to LogDNA over TCP using the template.
*.* @@syslog-a.logdna.com:514;LogDNAFormat
### END LogDNA rsyslog logging directives ###
- Restart syslog:
sudo /etc/init.d/rsyslog restart
UDP
Warning: UDP does not guarantee log line order. More information is available in this section of RFC 5426.
To configure rsyslog to send logs to LogDNA via UDP, follow the steps below.
- Add the contents below to /etc/rsyslog.d/22-logdna.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START LogDNA rsyslog logging directives ###
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\"] %msg%"
# Send messages to LogDNA over UDP using the template.
*.* @syslog-a.logdna.com:514;LogDNAFormat
### END LogDNA rsyslog logging directives ###
- Restart syslog:
sudo /etc/init.d/rsyslog restart
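As an added example (not LogDNA's own tooling), the Python script below audits an rsyslog snippet like the three above and reports whether each forwarding action would carry the ingestion key over verified TLS or in cleartext. The function name `audit`, the status labels and the sample configs are constructed for illustration, and it assumes TLS directives earlier in the file apply to the forwarding action that follows.

```python
import re

# Legacy rsyslog forwarding action: "@@host:port" is TCP, "@host:port" is UDP.
FORWARD = re.compile(r'^\S+\s+(@@?)([\w.-]+):(\d+)')
DIRECTIVE = re.compile(r'^\$(\w+)\s+(\S+)')

def audit(conf_text):
    """Classify each forwarding action by transport protection. Simplification
    (assumption): TLS directives seen earlier apply to the action that follows."""
    opts, has_key, findings = {}, False, []
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line.startswith('#'):
            continue
        if line.startswith('$template'):
            has_key = has_key or 'key=' in line  # key rides in every message
            continue
        d = DIRECTIVE.match(line)
        if d:
            opts[d.group(1).lower()] = d.group(2)
            continue
        f = FORWARD.match(line)
        if not f:
            continue
        proto = 'tcp' if f.group(1) == '@@' else 'udp'
        tls = (proto == 'tcp' and opts.get('actionsendstreamdriver') == 'gtls'
               and opts.get('actionsendstreamdrivermode') == '1')
        # Hostname check needs a CA file, x509/name mode and a permitted peer.
        peer_ok = (opts.get('actionsendstreamdriverauthmode') == 'x509/name'
                   and 'actionsendstreamdriverpermittedpeer' in opts
                   and 'defaultnetstreamdrivercafile' in opts)
        status = ('tls-verified' if tls and peer_ok else 'tls-peer-not-verified' if tls
                  else 'cleartext-key' if has_key else 'cleartext')
        findings.append((f.group(2), int(f.group(3)), proto, status))
    return findings

# Constructed samples modelled on the TCP+TLS, TCP and UDP configurations.
TEMPLATE = r'$template LogDNAFormat,"<%PRI%>... [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\"] %msg%"'
TLS_CONF = "\n".join([
    "$DefaultNetstreamDriverCAFile /etc/ld-root-ca.crt # trust these CAs",
    "$ActionSendStreamDriver gtls",
    "$ActionSendStreamDriverMode 1",
    "$ActionSendStreamDriverAuthMode x509/name",
    "$ActionSendStreamDriverPermittedPeer *.logdna.com",
    TEMPLATE, "*.* @@syslog-a.logdna.com:6514;LogDNAFormat"])
TCP_CONF = TEMPLATE + "\n*.* @@syslog-a.logdna.com:514;LogDNAFormat"
UDP_CONF = TEMPLATE + "\n*.* @syslog-a.logdna.com:514;LogDNAFormat"
if __name__ == "__main__":
    for name, conf in (("tls", TLS_CONF), ("tcp", TCP_CONF), ("udp", UDP_CONF)):
        print(name, audit(conf))
```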
Custom port
If you are unable to change the message template for rsyslog, you may provision a custom port by logging into the LogDNA web app and following the account-tailored add a log source instructions.
Host tags
Host tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app.
Host tags follow the syslog RFC-defined STRUCTURED-DATA format and require configuring the template line in /etc/rsyslog.d/22-logdna.conf to include the IANA-approved LogDNA Private Enterprise Number (PEN), 48950. For example:
$template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\" tags=\"tag1,tag2\"] %msg%"
With tags=\"prod,web\" in the template, this would send log lines from this host with the host tags prod and web, which would add this host to the prod and web tags.
Additional options
If possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options here.
Updated 10 months ago