For the best user experience, we recommend logging into the LogDNA web app and following the account-tailored add a log source instructions. You may also follow the more generic instructions below.
TCP+TLS (recommended)
To configure syslog-ng to send logs to LogDNA via TCP secured with TLS, follow the steps below.
- Download the LogDNA Root CA Certificate to /etc/ld-root-ca.crt
- Append the contents below to /etc/syslog-ng/syslog-ng.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START syslog-ng LogDNA Logging Directives ###
source s_logdna {
    system(); # Check which OS & collect system logs
    internal(); # Collect syslog-ng logs
};
template LogDNAFormat {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"INSERT-YOUR-INGESTION-KEY-HERE\"] $MSG\n");
    template_escape(no);
};
destination d_logdna {
    tcp("syslog-a.logdna.com" port(6514)
        tls(cert-file("/etc/ld-root-ca.crt"))
        template(LogDNAFormat));
};
log {
    source(s_logdna);
    destination(d_logdna);
};
### END syslog-ng LogDNA logging directives ###
- Restart syslog:
sudo /etc/init.d/syslog-ng restart
TCP
To configure syslog-ng to send logs to LogDNA via TCP, follow the steps below.
- Append the contents below to /etc/syslog-ng/syslog-ng.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START syslog-ng LogDNA Logging Directives ###
source s_logdna {
    system(); # Check which OS & collect system logs
    internal(); # Collect syslog-ng logs
};
template LogDNAFormat {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"INSERT-YOUR-INGESTION-KEY-HERE\"] $MSG\n");
    template_escape(no);
};
destination d_logdna {
    tcp("syslog-a.logdna.com" port(514)
        template(LogDNAFormat));
};
log {
    source(s_logdna);
    destination(d_logdna);
};
### END syslog-ng LogDNA logging directives ###
- Restart syslog:
sudo /etc/init.d/syslog-ng restart
UDP
Warning: UDP does not guarantee log line order. More information is available in this section of RFC 5426.
To configure syslog-ng to send logs to LogDNA via UDP, follow the steps below.
- Add the contents below to /etc/syslog-ng/syslog-ng.conf on your host machine. Be sure to insert your LogDNA Ingestion Key.
### START syslog-ng LogDNA Logging Directives ###
source s_logdna {
    system(); # Check which OS & collect system logs
    internal(); # Collect syslog-ng logs
};
template LogDNAFormat {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"INSERT-YOUR-INGESTION-KEY-HERE\"] $MSG\n");
    template_escape(no);
};
destination d_logdna {
    udp("syslog-a.logdna.com" port(514)
        template(LogDNAFormat));
};
log {
    source(s_logdna);
    destination(d_logdna);
};
### END syslog-ng LogDNA logging directives ###
- Restart syslog:
sudo /etc/init.d/syslog-ng restart
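All three variants above use the same template, which places the ingestion key in every message; only the TCP+TLS destination encrypts it in transit. The Python check below is an added example, not LogDNA's own tooling: it lists the destinations in a syslog-ng.conf that forward a key-bearing template without tls(). The sample configuration, the placeholder key, the destination names and the SD-ID spelling logdna@48950 (built from the PEN given on this page) are assumptions.

```python
import re

# Constructed sample modelled on the directives above; the key is a placeholder.
SAMPLE_CONF = r'''
template LogDNAFormat {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"PLACEHOLDER\"] $MSG\n");
    template_escape(no);
};
destination d_tls { tcp("syslog-a.logdna.com" port(6514) tls(cert-file("/etc/ld-root-ca.crt")) template(LogDNAFormat)); };
destination d_tcp { tcp("syslog-a.logdna.com" port(514) template(LogDNAFormat)); };
destination d_udp { udp("syslog-a.logdna.com" port(514) template(LogDNAFormat)); };
destination d_local { tcp("127.0.0.1" port(514) template("${ISODATE} $MSG\n")); };
'''

BLOCK = re.compile(r'\b(template|destination)\s+(\w+)\s*\{')
KEY = re.compile(r'\[logdna@48950\s[^\]]*\bkey=')  # SD-ID spelling is an assumption

def blocks(conf):
    """Yield (kind, name, body) for each template/destination block."""
    for m in BLOCK.finditer(conf):
        depth, i, quoted = 1, m.end(), False
        while depth and i < len(conf):
            c = conf[i]
            if c == '#' and not quoted:      # comment: skip to end of line
                nl = conf.find('\n', i)
                i = len(conf) if nl < 0 else nl
            elif c == '\\' and quoted:       # escaped character inside a string
                i += 1
            elif c == '"':
                quoted = not quoted
            elif not quoted:                 # braces inside strings (${PRI}) are ignored
                depth += (c == '{') - (c == '}')
            i += 1
        yield m.group(1), m.group(2), conf[m.end():i - 1]

def cleartext_key_destinations(conf):
    """Names of destinations that send the ingestion key without tls()."""
    parsed = list(blocks(conf))
    keyed = {n for kind, n, body in parsed if kind == 'template' and KEY.search(body)}
    findings = []
    for kind, name, body in parsed:
        refs = set(re.findall(r'\btemplate\(\s*(\w+)\s*\)', body))
        carries_key = bool(refs & keyed) or bool(KEY.search(body))
        if kind == 'destination' and carries_key and not re.search(r'\btls\s*\(', body):
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(cleartext_key_destinations(SAMPLE_CONF))
```

Point it at the contents of /etc/syslog-ng/syslog-ng.conf before restarting; an empty list means every destination that carries the key also has a tls() block.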
Custom port
If you are unable to change the message template for syslog-ng, you may provision a custom port by logging into the LogDNA web app and following the account-tailored add a log source instructions.
Host tags
Host tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app.
Host tags follow the syslog RFC-defined STRUCTURED-DATA format and require configuring the template line in /etc/rsyslog.d/22-logdna.conf to include the IANA-approved LogDNA Private Enterprise Number (PEN), 48950. For example:
template LogDNAFormat {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"INSERT-YOUR-INGESTION-KEY-HERE\" tags=\"prod,web\"] $MSG\n");
    template_escape(no);
};
This would send up log lines with the host tags prod and web, which would add this host to the prod and web tags.
Additional options
If possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options here.