{"_id":"57b1ff8b5732880e0070ea20","user":"5732062ad720220e008ea1d2","version":{"_id":"56ba46e2ce5d540d00e2d7aa","project":"56ba46e2ce5d540d00e2d7a7","__v":13,"createdAt":"2016-02-09T20:06:58.727Z","releaseDate":"2016-02-09T20:06:58.727Z","categories":["56ba46e3ce5d540d00e2d7ab","5771a6b145c7080e0072927f","5771a72eb0ea6b0e006a5221","5772e5b20a6d610e00dea073","577c3006b20f211700593629","57ae587bca3e310e00538155","57ae593a7c93fa0e001e6b50","57b1f8263ff6c519005cf074","582601f155b1060f00ec4173","582a62857a96051b0070b011","58ebfae58d5a860f00851fb9","590a75a1ec0d5e190095ab38","59e5253fd460b50010237bed"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"project":"56ba46e2ce5d540d00e2d7a7","category":{"_id":"57b1f8263ff6c519005cf074","__v":0,"project":"56ba46e2ce5d540d00e2d7a7","version":"56ba46e2ce5d540d00e2d7aa","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-08-15T17:13:10.543Z","from_sync":false,"order":5,"slug":"syslog","title":"Syslog"},"parentDoc":null,"__v":1,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-08-15T17:44:43.410Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":0,"body":"For the best user experience, we recommend logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host). You may also follow the more generic instructions below\n\n## TCP+TLS (recommended)\n\nTo configure rsyslog to send logs to LogDNA via TCP secured with TLS, follow the steps below.\n\n1.  Download the [LogDNA Root CA Certificate](http://repo.logdna.com/syslog/ld-root-ca.crt) to `/etc/ld-root-ca.crt`\n\n2. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"### START LogDNA rsyslog logging directives ###\\n\\n## TCP TLS only ##\\n$DefaultNetstreamDriverCAFile /etc/ld-root-ca.crt # trust these CAs\\n$ActionSendStreamDriver gtls # use gtls netstream driver\\n$ActionSendStreamDriverMode 1 # require TLS\\n$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname\\n$ActionSendStreamDriverPermittedPeer *.logdna.com\\n## End TCP TLS only ##\\n\\n$template LogDNAFormat,\\\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna:::at:::48950 key=\\\\\\\"YOUR-INGESTION-KEY-HERE\\\\\\\"] %msg%\\\"\\n\\n# Send messages to LogDNA over TCP using the template.\\n*.* @@syslog-a.logdna.com:6514;LogDNAFormat\\n\\n### END LogDNA rsyslog logging directives ###\",\n      \"language\": \"text\",\n      \"name\": \"/etc/rsyslog.d/22-logdna.conf\"\n    }\n  ]\n}\n[/block]\n3. Install `rsyslog-gnutls` using your package manager\n\n4. Restart syslog: `sudo /etc/init.d/rsyslog restart`\n\n## TCP\n\nTo configure rsyslog to send logs to LogDNA via TCP, follow the steps below.\n\n1. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"### START LogDNA rsyslog logging directives ###\\n\\n$template LogDNAFormat,\\\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\\\\\"YOUR-INGESTION-KEY-HERE\\\\\\\"] %msg%\\\"\\n\\n# Send messages to LogDNA over TCP using the template.\\n*.* @@syslog-a.logdna.com:514;LogDNAFormat\\n\\n### END LogDNA rsyslog logging directives ###\",\n      \"language\": \"text\",\n      \"name\": \"/etc/rsyslog.d/22-logdna.conf\"\n    }\n  ]\n}\n[/block]\n2. Restart syslog: `sudo /etc/init.d/rsyslog restart`\n\n## UDP\n\n**Warning**: UDP does not guarantee log line order. More information is available in [this section of RFC 5426](https://tools.ietf.org/html/rfc5426#section-4.4)\n\nTo configure rsyslog to send logs to LogDNA via UDP, follow the steps below. \n\n1. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"### START LogDNA rsyslog logging directives ###\\n\\n$template LogDNAFormat,\\\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\\\\\"YOUR-INGESTION-KEY-HERE\\\\\\\"] %msg%\\\"\\n\\n# Send messages to LogDNA over UDP using the template.\\n*.* @syslog-a.logdna.com:514;LogDNAFormat\\n\\n### END LogDNA rsyslog logging directives ###\\n\",\n      \"language\": \"text\",\n      \"name\": \"/etc/rsyslog.d/22-logdna.conf\"\n    }\n  ]\n}\n[/block]\n2. Restart syslog: `sudo /etc/init.d/rsyslog restart`\n\n## Custom port\n\nIf you are unable to change the message template for rsyslog, you may provision a custom port by logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host)\n\n## Host tags\n\nHost tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app. \n\nHost tags follow the [syslog RFC-defined STRUCTURED-DATA format](https://tools.ietf.org/html/rfc5424#section-6.3.2) and requires configuring the template line in `/etc/rsyslog.d/22-logdna.conf` to include the IANA-approved LogDNA [Private Enterprise Number (PEN)](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers), 48950. For example: \n\n```\n$template LogDNAFormat,\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\"YOUR-INGESTION-KEY-HERE\\\" tags=\\\"tag1,tag2\\\"] %msg%\"\n```\nThis would send up log lines from with the host tags ```prod``` and ```web```, which would add this host to the prod and web tags.\n\n## Additional options\n\nIf possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options [here](https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html#keepalive).","excerpt":"","slug":"rsyslog","type":"basic","title":"rsyslog"}

General

Guides

Integrations

Tools

Platforms

Syslog

Public API

Ingest API

Code Libraries

Help

rsyslog

For the best user experience, we recommend logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host). You may also follow the more generic instructions below ## TCP+TLS (recommended) To configure rsyslog to send logs to LogDNA via TCP secured with TLS, follow the steps below. 1. Download the [LogDNA Root CA Certificate](http://repo.logdna.com/syslog/ld-root-ca.crt) to `/etc/ld-root-ca.crt` 2. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START LogDNA rsyslog logging directives ###\n\n## TCP TLS only ##\n$DefaultNetstreamDriverCAFile /etc/ld-root-ca.crt # trust these CAs\n$ActionSendStreamDriver gtls # use gtls netstream driver\n$ActionSendStreamDriverMode 1 # require TLS\n$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname\n$ActionSendStreamDriverPermittedPeer *.logdna.com\n## End TCP TLS only ##\n\n$template LogDNAFormat,\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\"YOUR-INGESTION-KEY-HERE\\\"] %msg%\"\n\n# Send messages to LogDNA over TCP using the template.\n*.* @@syslog-a.logdna.com:6514;LogDNAFormat\n\n### END LogDNA rsyslog logging directives ###", "language": "text", "name": "/etc/rsyslog.d/22-logdna.conf" } ] } [/block] 3. Install `rsyslog-gnutls` using your package manager 4. Restart syslog: `sudo /etc/init.d/rsyslog restart` ## TCP To configure rsyslog to send logs to LogDNA via TCP, follow the steps below. 1. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START LogDNA rsyslog logging directives ###\n\n$template LogDNAFormat,\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\"YOUR-INGESTION-KEY-HERE\\\"] %msg%\"\n\n# Send messages to LogDNA over TCP using the template.\n*.* @@syslog-a.logdna.com:514;LogDNAFormat\n\n### END LogDNA rsyslog logging directives ###", "language": "text", "name": "/etc/rsyslog.d/22-logdna.conf" } ] } [/block] 2. Restart syslog: `sudo /etc/init.d/rsyslog restart` ## UDP **Warning**: UDP does not guarantee log line order. More information is available in [this section of RFC 5426](https://tools.ietf.org/html/rfc5426#section-4.4) To configure rsyslog to send logs to LogDNA via UDP, follow the steps below. 1. Add the contents below to `/etc/rsyslog.d/22-logdna.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START LogDNA rsyslog logging directives ###\n\n$template LogDNAFormat,\"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\\\"YOUR-INGESTION-KEY-HERE\\\"] %msg%\"\n\n# Send messages to LogDNA over UDP using the template.\n*.* @syslog-a.logdna.com:514;LogDNAFormat\n\n### END LogDNA rsyslog logging directives ###\n", "language": "text", "name": "/etc/rsyslog.d/22-logdna.conf" } ] } [/block] 2. Restart syslog: `sudo /etc/init.d/rsyslog restart` ## Custom port If you are unable to change the message template for rsyslog, you may provision a custom port by logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host) ## Host tags Host tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app. Host tags follow the [syslog RFC-defined STRUCTURED-DATA format](https://tools.ietf.org/html/rfc5424#section-6.3.2) and requires configuring the template line in `/etc/rsyslog.d/22-logdna.conf` to include the IANA-approved LogDNA [Private Enterprise Number (PEN)](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers), 48950. For example: ``` $template LogDNAFormat,"<%PRI%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [logdna@48950 key=\"YOUR-INGESTION-KEY-HERE\" tags=\"tag1,tag2\"] %msg%" ``` This would send up log lines from with the host tags ```prod``` and ```web```, which would add this host to the prod and web tags. ## Additional options If possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options [here](https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html#keepalive).