Configure Syslog Script

Our configure-linux.sh bash script automatically configures Linux’s standard rsyslog daemon to send your system syslog to Loggly. It performs over 10 system checks to make sure your system is compatible and verifies that you can successfully send logs to Loggly. It assumes that you have sudo access, that you’re on a common Linux distribution with rsyslog 5.8 or higher, that rsyslog receives local system logs, and that port 514 is open to outbound connections. It also assumes you’re on our newer Gen2 version of Loggly.

Quick Start Setup

Run the automatic configure-linux bash script below to set up rsyslog. Alternatively, you can manually configure rsyslog.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a SUBDOMAIN -t TOKEN -u USERNAME

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • TOKEN (optional): your customer token from the source setup page
  • USERNAME: your Loggly username

Script Usage

configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s suppress prompts (optional)]
configure-linux [-r to remove]
configure-linux [-h for help]

Configure

  • Configures rsyslog to send logs to Loggly

Remove

  • Uninstalls Loggly from your system

Suppress prompts

  • Suppressing the interactive prompts allows you to run it automatically using default settings

Script Actions

The script performs the system checks listed below (over 10 of them) to make sure your system is compatible with Loggly and that it can successfully send logs to Loggly. To configure the system, it follows the same instructions as the rsyslog manual configuration, writing a configuration file named /etc/rsyslog.d/22-loggly.conf that sends the system logs to Loggly. It then restarts the rsyslog service so the changes take effect. The verification step sends a test log message containing a UUID and then retrieves it through Loggly’s search API. If the script can retrieve the log, the configuration is successful. It also logs the status of your setup experience to Loggly so our support team can help if you have trouble.

System Checks

  1. checkAuthTokenAndWriteContents – Check if the authentication token is valid and then write the contents of the 22-loggly.conf file to the /etc/rsyslog.d directory
  2. checkIfLogglyServersAccessible – Check if the Loggly servers are accessible. If not, ask the user to check network connectivity and exit
  3. checkIfLogsMadeToLoggly – Check if the logs are now going to Loggly from the Linux system
  4. checkIfMinVersionOfRsyslog – Check for the minimum version of rsyslog, i.e. 5.8.0. If not met, then exit
  5. checkIfMultipleRsyslogConfigured – Check if multiple rsyslog installations are present in the system. If yes, then exit
  6. checkIfRsyslogConfiguredAsService – Check if rsyslog is configured as a service. If no, then exit
  7. checkIfSelinuxServiceEnforced – Check if the SELinux service is enforced. If yes, ask the user to manually disable it and exit the script
  8. checkIfSupportedOS – Check if the OS is supported by the script. If no, then exit
  9. checkIfUserHasRootPrivileges – Check if the user has root permission to run this script
  10. checkIfValidAuthToken – Check if the authentication token is valid. If no, then exit
  11. checkIfValidUserNamePassword – Check if the user credentials are valid. If no, then exit
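
A read-only preflight for two of the checks above (minimum rsyslog version and SELinux mode), useful before an unattended run with -s. This is an added example, not Loggly's code; the function names are hypothetical, and it assumes the first line of `rsyslogd -v` has the form "rsyslogd <version> ...".

```shell
# Added example, not Loggly's code: check locally, without changing anything,
# whether the script would stop on the rsyslog version or SELinux checks.

MIN_RSYSLOG="5.8.0"   # minimum version stated on this page

# Extract the version from the first line of `rsyslogd -v` output, e.g.
# "rsyslogd 5.8.10, compiled with:" gives "5.8.10". Prints nothing if absent.
rsyslog_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^rsyslogd[[:space:]]*\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2. Components are compared numerically,
# so 5.10.0 counts as newer than 5.8.0 (a string comparison gets that wrong).
version_at_least() {
    va_have=$1
    va_want=$2
    while [ -n "$va_have" ] || [ -n "$va_want" ]; do
        va_h=${va_have%%.*}
        va_w=${va_want%%.*}
        [ "${va_h:-0}" -gt "${va_w:-0}" ] && return 0
        [ "${va_h:-0}" -lt "${va_w:-0}" ] && return 1
        case $va_have in *.*) va_have=${va_have#*.} ;; *) va_have= ;; esac
        case $va_want in *.*) va_want=${va_want#*.} ;; *) va_want= ;; esac
    done
    return 0
}

# Usage: preflight   (returns non-zero and explains why if a check would fail)
preflight() {
    pf_banner=$(rsyslogd -v 2>/dev/null) || { echo "rsyslogd not found" >&2; return 1; }
    pf_ver=$(rsyslog_version_from_banner "$pf_banner")
    if ! version_at_least "${pf_ver:-0}" "$MIN_RSYSLOG"; then
        echo "rsyslog ${pf_ver:-unknown} is older than $MIN_RSYSLOG" >&2
        return 1
    fi
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" = "Enforcing" ]; then
        echo "SELinux is enforcing; the script exits at this check" >&2
        return 1
    fi
    [ "$(id -u)" -eq 0 ] || echo "note: not root; the script itself needs sudo" >&2
    echo "preflight ok: rsyslog $pf_ver"
}
```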

Source Code

The configuration script is open source and you can review or modify its behavior as needed for your system. It’s available on GitHub.
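
Because the script runs as root and can be reviewed, repeat or automated runs can be tied to the reviewed copy by pinning its SHA-256. The wrapper below is an added example, not Loggly's code; the function names and the LOGGLY_SCRIPT_SHA256 variable are hypothetical, and the digest is one you record yourself after review.

```shell
# Added example, not Loggly's code: run configure-linux.sh only if it is
# byte-for-byte the copy that was reviewed.

# Print the SHA-256 of a file as lowercase hex (sha256sum or shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists and its digest equals the pinned value.
matches_pin() {
    [ -f "$1" ] || return 1
    mp_actual=$(sha256_of "$1") || return 1
    mp_pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$mp_actual" ] && [ "$mp_actual" = "$mp_pinned" ]
}

# Download to a private temp dir, compare with the pin, then run as root.
# Arguments pass through unchanged, e.g. -a SUBDOMAIN -t TOKEN -u USERNAME.
# LOGGLY_SCRIPT_SHA256 (hypothetical variable name) holds the digest you
# recorded with sha256_of after reviewing the script.
run_pinned_configure() {
    if [ -z "${LOGGLY_SCRIPT_SHA256:-}" ]; then
        echo "LOGGLY_SCRIPT_SHA256 is not set; refusing to run unreviewed code" >&2
        return 1
    fi
    rp_dir=$(mktemp -d) || return 1
    rp_file=$rp_dir/configure-linux.sh
    curl -fsS -o "$rp_file" https://www.loggly.com/install/configure-linux.sh || return 1
    if ! matches_pin "$rp_file" "$LOGGLY_SCRIPT_SHA256"; then
        echo "configure-linux.sh differs from the reviewed copy; not running it" >&2
        return 1
    fi
    sudo bash "$rp_file" "$@"
}
```

A digest mismatch means the published script has changed since the review, so the new copy needs the same review before the pin is updated.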

Legacy Syslog-ng Configuration Script

If you use syslog-ng, you can use the older version of our configure-syslog script. It will automatically generate a syslog configuration for you to inspect and copy, and verify that Loggly has received your data. If you run as root, the script will copy it to your syslog folder and restart the syslog daemon as well. Our automatic syslog configuration works with most common Linux distributions including Ubuntu, RHEL, and CentOS. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.

Quick Start Setup

The fastest way to get your systems up and running is by using our Syslog Configurator script. Run this from your command line:

wget -q -O - https://www.loggly.com/install/configure-syslog.py | sudo python - setup

This script will create a configuration file that can be included from your existing syslog forwarding agent. You’ll need to supply your username, password, and account name so that the script can pull down your customer token. Once the configuration is complete, the script will restart the syslog daemon & (optionally) verify that logs can be sent to Loggly. Other helpful actions are available with the script, for instance “verify” will send test events & then verify they made it to Loggly.

Verify Logging to Loggly

The script can check whether you can successfully send logs to Loggly. It will log a test event, and then search for it through the API. It may take a few minutes to index the events and return successfully.

wget -q -O - https://www.loggly.com/install/configure-syslog.py | sudo python - verify

Syslog Configuration Script Details

Prerequisites

Script Usage

 
./configure-syslog.py <action> [option]

Action:
   setup      Configure syslog
   uninstall    Remove the changes made by the syslog configuration script
   verify       Verify the configuration explicitly
   sysinfo      Print, write system information
   loggly_help  Manual installation instructions for your account
   dryrun       Perform configuration steps without modifying anything

Option:
   -v|--verbose Print detailed logs on console

Note: Some details are logged to Loggly when the script is used. We collect this information to figure out how well our script is behaving and how often it fails.

Here’s more detail on what each of the actions will do:

Setup

  • Ensures the script is running as root.
  • Verifies that both the OS & syslog version are supported.
  • Requests Loggly credentials. (These are necessary to pull down your Customer Token.)
  • Places a stand-alone config file under your /etc/rsyslog.d or /etc/syslog-ng directory
  • Sends SIGHUP to (restarts) the syslog process.

Uninstall

  • Ensures the script is running as root.
  • Checks whether rsyslog or syslog-ng are running.
  • Removes the 22-loggly.conf file under either /etc/rsyslog.d/ or /etc/syslog-ng/
  • Sends SIGHUP to (restarts) the syslog process.

Verify

  • Ensures the script is running as root.
  • Requests Loggly credentials. (These are necessary to poll Loggly for your log event.)
  • Sends a test message to Loggly using logger and then makes an API call to search for the message.

Sysinfo

  • Writes environment information to a file. You may want to post this information to the Community Forum if you’re looking for assistance.

loggly_help

  • Requests Loggly credentials. (These are necessary to pull down your Customer Token.)
  • Prints the configuration snippets you can use to manually update your own syslog configuration file.

Dryrun

  • Ensures the script is running as root.
  • Verifies that both the OS & syslog version are supported.
  • Places a temporary config file under your /etc/rsyslog.d/ or /etc/syslog-ng/ directory
  • Performs a configuration validation run on the running syslog agent.
  • Removes the temporary config file.

Source Code

This script is open source and can be viewed on GitHub.

Troubleshooting Your Syslog Script Configuration
