syslog-ng

{"_id":"57b2073d5732880e0070ea26","user":"5732062ad720220e008ea1d2","version":{"_id":"56ba46e2ce5d540d00e2d7aa","project":"56ba46e2ce5d540d00e2d7a7","__v":13,"createdAt":"2016-02-09T20:06:58.727Z","releaseDate":"2016-02-09T20:06:58.727Z","categories":["56ba46e3ce5d540d00e2d7ab","5771a6b145c7080e0072927f","5771a72eb0ea6b0e006a5221","5772e5b20a6d610e00dea073","577c3006b20f211700593629","57ae587bca3e310e00538155","57ae593a7c93fa0e001e6b50","57b1f8263ff6c519005cf074","582601f155b1060f00ec4173","582a62857a96051b0070b011","58ebfae58d5a860f00851fb9","590a75a1ec0d5e190095ab38","59e5253fd460b50010237bed"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"__v":1,"category":{"_id":"57b1f8263ff6c519005cf074","__v":0,"project":"56ba46e2ce5d540d00e2d7a7","version":"56ba46e2ce5d540d00e2d7aa","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-08-15T17:13:10.543Z","from_sync":false,"order":5,"slug":"syslog","title":"Syslog"},"parentDoc":null,"project":"56ba46e2ce5d540d00e2d7a7","updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-08-15T18:17:33.984Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"settings":"","results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":1,"body":"For the best user experience, we recommend logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host). You may also follow the more generic instructions below\n\n## TCP+TLS (recommended)\n\nTo configure syslog-ng to send logs to LogDNA via TCP secured with TLS, follow the steps below.\n\n1. Download the [LogDNA Root CA Certificate](http://repo.logdna.com/syslog/ld-root-ca.crt) to `/etc/ld-root-ca.crt`\n\n2. Append the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"### START syslog-ng LogDNA Logging Directives ###\\n\\nsource s_logdna {\\n system(); # Check which OS & collect system logs\\n internal(); # Collect syslog-ng logs\\n};\\n\\ntemplate LogDNAFormat { template(\\\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna:::at:::48950 key=\\\\\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\\\\\"] $MSG\\\\n\\\");\\n template_escape(no);\\n};\\n\\ndestination d_logdna {\\n tcp(\\\"syslog-a.logdna.com\\\" port(6514)\\n tls(cert-file(\\\"/etc/ld-root-ca.crt\\\"))\\n template(LogDNAFormat));\\n};\\n\\nlog {\\n source(s_logdna);\\n destination(d_logdna);\\n};\\n\\n### END syslog-ng LogDNA logging directives ###\\n\",\n \"language\": \"text\",\n \"name\": \"/etc/syslog-ng/syslog-ng.conf\"\n }\n ]\n}\n[/block]\n3. Restart syslog: `sudo /etc/init.d/syslog-ng restart`\n\n## TCP\n\nTo configure syslog-ng to send logs to LogDNA via TCP, follow the steps below.\n\n1. Append the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"### START syslog-ng LogDNA Logging Directives ###\\n\\nsource s_logdna {\\n system(); # Check which OS & collect system logs\\n internal(); # Collect syslog-ng logs\\n};\\n\\ntemplate LogDNAFormat { template(\\\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\\\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\\\\\"] $MSG\\\\n\\\");\\n template_escape(no);\\n};\\n\\ndestination d_logdna {\\n tcp(\\\"syslog-a.logdna.com\\\" port(514)\\n template(LogDNAFormat));\\n};\\n\\nlog {\\n source(s_logdna);\\n destination(d_logdna);\\n};\\n\\n### END syslog-ng LogDNA logging directives ###\",\n \"language\": \"text\",\n \"name\": \"/etc/syslog-ng/syslog-ng.conf\"\n }\n ]\n}\n[/block]\n2. Restart syslog: `sudo /etc/init.d/syslog-ng restart`\n\n## UDP\n\n**Warning**: UDP does not guarantee log line order. More information is available in [this section of RFC 5426](https://tools.ietf.org/html/rfc5426#section-4.4)\n\nTo configure syslog-ng to send logs to LogDNA via UDP, follow the steps below.\n\n1. Add the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile).\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"### START syslog-ng LogDNA Logging Directives ###\\n\\nsource s_logdna {\\n system(); # Check which OS & collect system logs\\n internal(); # Collect syslog-ng logs\\n};\\n\\ntemplate LogDNAFormat { template(\\\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\\\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\\\\\"] $MSG\\\\n\\\");\\n template_escape(no);\\n};\\n\\ndestination d_logdna {\\n udp(\\\"syslog-a.logdna.com\\\" port(514)\\n template(LogDNAFormat));\\n};\\n\\nlog {\\n source(s_logdna);\\n destination(d_logdna);\\n};\\n\\n### END syslog-ng LogDNA logging directives ###\",\n \"language\": \"text\",\n \"name\": \"/etc/syslog-ng/syslog-ng.conf\"\n }\n ]\n}\n[/block]\n2. Restart syslog: `sudo /etc/init.d/syslog-ng restart`\n\n## Custom port\n\nIf you are unable to change the message template for syslog-ng, you may provision a custom port by logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host)\n\n## Host tags\n\nHost tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app. \n\nHost tags follow the [syslog RFC-defined STRUCTURED-DATA format](https://tools.ietf.org/html/rfc5424#section-6.3.2) and requires configuring the template line in `/etc/rsyslog.d/22-logdna.conf` to include the IANA-approved LogDNA [Private Enterprise Number (PEN)](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers), 48950. For example: \n```\ntemplate LogDNAFormat { template(\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\" tags=\\\"prod,web\\\"] $MSG\\n\");\n template_escape(no);\n};\n```\nThis would send up log lines from with the host tags ```prod``` and ```web```, which would add this host to the prod and web tags.\n\n## Additional options\n\nIf possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options [here](https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-network-chapter.html).","excerpt":"","slug":"syslog-ng","type":"basic","title":"syslog-ng"}

For the best user experience, we recommend logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host). You may also follow the more generic instructions below ## TCP+TLS (recommended) To configure syslog-ng to send logs to LogDNA via TCP secured with TLS, follow the steps below. 1. Download the [LogDNA Root CA Certificate](http://repo.logdna.com/syslog/ld-root-ca.crt) to `/etc/ld-root-ca.crt` 2. Append the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START syslog-ng LogDNA Logging Directives ###\n\nsource s_logdna {\n system(); # Check which OS & collect system logs\n internal(); # Collect syslog-ng logs\n};\n\ntemplate LogDNAFormat { template(\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\"] $MSG\\n\");\n template_escape(no);\n};\n\ndestination d_logdna {\n tcp(\"syslog-a.logdna.com\" port(6514)\n tls(cert-file(\"/etc/ld-root-ca.crt\"))\n template(LogDNAFormat));\n};\n\nlog {\n source(s_logdna);\n destination(d_logdna);\n};\n\n### END syslog-ng LogDNA logging directives ###\n", "language": "text", "name": "/etc/syslog-ng/syslog-ng.conf" } ] } [/block] 3. Restart syslog: `sudo /etc/init.d/syslog-ng restart` ## TCP To configure syslog-ng to send logs to LogDNA via TCP, follow the steps below. 1. Append the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START syslog-ng LogDNA Logging Directives ###\n\nsource s_logdna {\n system(); # Check which OS & collect system logs\n internal(); # Collect syslog-ng logs\n};\n\ntemplate LogDNAFormat { template(\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\"] $MSG\\n\");\n template_escape(no);\n};\n\ndestination d_logdna {\n tcp(\"syslog-a.logdna.com\" port(514)\n template(LogDNAFormat));\n};\n\nlog {\n source(s_logdna);\n destination(d_logdna);\n};\n\n### END syslog-ng LogDNA logging directives ###", "language": "text", "name": "/etc/syslog-ng/syslog-ng.conf" } ] } [/block] 2. Restart syslog: `sudo /etc/init.d/syslog-ng restart` ## UDP **Warning**: UDP does not guarantee log line order. More information is available in [this section of RFC 5426](https://tools.ietf.org/html/rfc5426#section-4.4) To configure syslog-ng to send logs to LogDNA via UDP, follow the steps below. 1. Add the contents below to `/etc/syslog-ng/syslog-ng.conf` on your host machine. Be sure to insert your [LogDNA Ingestion Key](https://app.logdna.com/manage/profile). [block:code] { "codes": [ { "code": "### START syslog-ng LogDNA Logging Directives ###\n\nsource s_logdna {\n system(); # Check which OS & collect system logs\n internal(); # Collect syslog-ng logs\n};\n\ntemplate LogDNAFormat { template(\"<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\\\"INSERT-YOUR-INGESTION-KEY-HERE\\\"] $MSG\\n\");\n template_escape(no);\n};\n\ndestination d_logdna {\n udp(\"syslog-a.logdna.com\" port(514)\n template(LogDNAFormat));\n};\n\nlog {\n source(s_logdna);\n destination(d_logdna);\n};\n\n### END syslog-ng LogDNA logging directives ###", "language": "text", "name": "/etc/syslog-ng/syslog-ng.conf" } ] } [/block] 2. Restart syslog: `sudo /etc/init.d/syslog-ng restart` ## Custom port If you are unable to change the message template for syslog-ng, you may provision a custom port by logging into the [LogDNA web app](https://app.logdna.com/) and following the [account-tailored add a log source instructions](https://app.logdna.com/pages/add-host) ## Host tags Host tags allow you to group hosts automatically without having to explicitly assign a host to a group within the LogDNA web app. Host tags follow the [syslog RFC-defined STRUCTURED-DATA format](https://tools.ietf.org/html/rfc5424#section-6.3.2) and requires configuring the template line in `/etc/rsyslog.d/22-logdna.conf` to include the IANA-approved LogDNA [Private Enterprise Number (PEN)](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers), 48950. For example: ``` template LogDNAFormat { template("<%PRI%>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [logdna@48950 key=\"INSERT-YOUR-INGESTION-KEY-HERE\" tags=\"prod,web\"] $MSG\n"); template_escape(no); }; ``` This would send up log lines from with the host tags ```prod``` and ```web```, which would add this host to the prod and web tags. ## Additional options If possible, we highly recommend setting up a keepalive inside your rsyslog forwarding configuration. This ensures that bad connections are properly terminated and re-initiated and increases the reliability of log delivery. You can learn about rsyslog keepalive options [here](https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/reference-destination-network-chapter.html).

LogDNA Docs

General

Guides

Integrations

Tools

Platforms

Syslog

Public API

Ingest API

Code Libraries

Help