Syslog Configuration Scripts

Loggly offers a variety of syslog configuration scripts that will automatically configure Linux systems to send logs to Loggly. These scripts support Rsyslog, which is the most popular syslog daemon included with major distributions of Linux including Ubuntu, Red Hat, Amazon EC2, and more.

The scripts run in just a few seconds. They perform over 10 system compatibility checks, configure rsyslog using best practices, and verify that the logs reach our system. They assume that you have sudo access, that you’re on a common Linux distribution with rsyslog 5.8 or higher, that rsyslog is receiving local system logs, and that port 514 (insecure logging port) or 6514 (secure logging port) is open to outbound connections. The scripts are open source and available on GitHub.

1. Configure-linux script

This script sends the system logs to Loggly. By default the script sends the logs securely, but if the rsyslog-gnutls package cannot be installed on your distribution, it will ask to switch to insecure mode so that logs can still be sent. Run the automatic configure-linux bash script below to set up rsyslog. Alternatively, you can manually configure rsyslog.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a SUBDOMAIN -t TOKEN -u USERNAME

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • TOKEN (optional): your customer token from the source setup page
  • USERNAME: your Loggly username

Script Usage

configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s suppress prompts (optional)] [--insecure {Insecure mode} (optional)] [--force-secure {Force Secure Mode} (optional)]
configure-linux [-r to remove]
configure-linux [-h for help]

Configure

  • Configures rsyslog to send logs to Loggly

Remove

  • Uninstalls Loggly from your system

Suppress prompts

  • Suppressing the interactive prompts allows you to run it automatically using default settings

Insecure Mode

  • Insecure mode allows you to send your logs insecurely on port 514

Force Secure Mode

  • Force secure mode makes the script send logs in secure mode only. It prevents switching to insecure mode even if the rsyslog-gnutls package could not be downloaded. The script still writes the TLS configuration, and secure sending starts once you install the rsyslog-gnutls package manually.

Script Actions for Configure-linux Script

The script will perform over 10 system checks below to make sure your system is compatible with Loggly and that it can successfully send logs to Loggly. To configure the system, it executes the same instructions in rsyslog manual configuration by writing a configuration file named /etc/rsyslog.d/22-loggly.conf which will send the system logs to Loggly. It then restarts the rsyslog service so the changes take effect. The verification step sends a test log message with a UUID, and then retrieves it back through Loggly’s search API. If it is able to retrieve the log, then the configuration is successful. It also logs the status of your setup experience to Loggly so our support team can help if you have trouble.

System Checks

  1. checkAuthTokenAndWriteContents – Check if authentication token is valid and then write contents to 22-loggly.conf file to /etc/rsyslog.d directory
  2. checkIfLogglyServersAccessible – Check if the Loggly servers are accessible. If not, ask user to check network connectivity & exit
  3. checkIfLogsMadeToLoggly – Check if the logs are going to Loggly from the Linux system now
  4. checkIfMinVersionOfRsyslog – Check for the minimum version of rsyslog, i.e. 5.8.0. If no, then exit
  5. checkIfMultipleRsyslogConfigured – Check if multiple rsyslog are present in the system. If yes, then exit
  6. checkIfRsyslogConfiguredAsService – Check if rsyslog is configured as service. If no, then exit
  7. checkIfSelinuxServiceEnforced – Check if the SELinux service is enforced. If yes, ask the user to disable it manually and exit the script
  8. checkIfSupportedOS – Check if the OS is supported by the script. If no, then exit
  9. checkIfUserHasRootPrivileges – Check if the user has root permission to run this script
  10. checkIfValidAuthToken – Check if authentication token is valid. If no, then exit
  11. checkIfValidUserNamePassword – Check if the user credentials are valid. If no, then exit
  12. checkIfPackageManagerIsInstalled – Check if a package manager (apt-get or yum) is available. If no, then the script will ask to switch to insecure mode. If the user declines to switch, then exit.
  13. checkIfCurlIsNotInstalled – Check if curl is available or not. If no, then exit
  14. checkIfTLS – Check if the user is sending the logs insecurely. If yes, then script will give a prompt to switch to secure mode.
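
The secure/insecure distinction behind checkIfTLS and the Insecure and Force Secure modes can be audited on an existing host. The following is an added example, not Loggly's script or its generated file: it assumes the drop-in uses rsyslog's legacy `$ActionSendStreamDriver*` directives, and the sample files and host names are constructed.

```shell
# Added example, not Loggly's script: classify the forwarding configured by an
# rsyslog legacy-syntax drop-in. Directives are judged per file, not per action.

# has_directive FILE NAME VALUE: true if "$NAME VALUE" is active (uncommented).
has_directive() {
    grep -Eiq "^[[:space:]]*[$]$2[[:space:]]+$3[[:space:]]*$" "$1"
}

# classify_forwarding FILE: prints none | plaintext | tls-unauthenticated | tls
classify_forwarding() {
    conf="$1"
    action='^[[:space:]]*[^#$[:space:]][^[:space:]]*[[:space:]]+'
    # "<selector> @host" forwards over UDP, "<selector> @@host" over TCP.
    grep -Eq "${action}@" "$conf" || { echo none; return; }
    # TLS needs TCP (@@), the gtls stream driver and driver mode 1 (TLS only).
    if grep -Eq "${action}@@" "$conf" &&
       { has_directive "$conf" ActionSendStreamDriver gtls ||
         has_directive "$conf" DefaultNetstreamDriver gtls; } &&
       has_directive "$conf" ActionSendStreamDriverMode 1; then
        # Without x509/name the link is encrypted but the server is unverified.
        if has_directive "$conf" ActionSendStreamDriverAuthMode x509/name; then
            echo tls
        else
            echo tls-unauthenticated
        fi
    else
        echo plaintext
    fi
}

# Constructed samples; host names are placeholders, not Loggly endpoints.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/secure.conf" <<'EOF'
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.example.com
*.* @@logs.example.com:6514
EOF
cat > "$SAMPLES/insecure.conf" <<'EOF'
# $ActionSendStreamDriver gtls
*.* @@logs.example.com:514
EOF
cat > "$SAMPLES/anon.conf" <<'EOF'
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
*.* @@logs.example.com:6514
EOF
for f in secure insecure anon; do classify_forwarding "$SAMPLES/$f.conf"; done
```

On a configured host, point `classify_forwarding` at /etc/rsyslog.d/22-loggly.conf; any result other than `tls` means log contents can be read or altered in transit.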

Source Code

The configuration script is open source and you can review or modify its behavior as needed for your system. It’s available on GitHub.

NOTE: The scripts below first invoke the configure-linux script to configure the Linux system. After the Linux system is configured, each script continues with its own setup.

2. Configure-file-monitoring script

Run our automatic configure-file-monitoring script below to continuously read the files and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below. The script supports fixed filenames as well as wildcards and directories. If you configure it to monitor a directory it will check every five minutes for new files.

curl -O https://www.loggly.com/install/configure-file-monitoring.sh
sudo bash configure-file-monitoring.sh -a SUBDOMAIN -u USERNAME -f FILENAME -l ALIAS

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username
  • FILENAME: the file or directory you want to monitor, can contain wildcards but cannot contain spaces
  • ALIAS: an easy to recognize name for the syslog.appName field. Must be unique for each file.

Script Usage

usage: configure-file-monitoring [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-f filename] [-tag filetag1,filetag2 (optional)] [-l filealias] [-s suppress prompts {optional)]
usage: configure-file-monitoring [-a loggly auth account or subdomain] [-r to rollback] [-l filealias]
usage: configure-file-monitoring [-h for help]

Script Actions for Configure-file-monitoring Script

  1. checkIfFileLocationContainSpaces – Check if the file location contains spaces. If yes, then exit.
  2. checkIfFileExist – Check if the file exists. If no, then exit.
  3. checkIfFileAliasExist – Check if the file alias exists. If yes, then the script will give a prompt to overwrite the configuration for that file alias.
  4. checkFileReadPermission – Check the file's read permission. If file access is not permitted, then the script gives a warning message that it can fail at the verification step.

3. Configure-nginx script

Run the automatic configure-nginx bash script below to set up rsyslog. It supports logs in the standard nginx directory for your distribution, but for virtual host support you must edit the generated file to add additional virtual hosts.

curl -O https://www.loggly.com/install/configure-nginx.sh
sudo bash configure-nginx.sh -a SUBDOMAIN -u USERNAME

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username

Script Usage

usage: configure-nginx [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-tag filetag1,filetag2 (optional)] [-s suppress prompts {optional)]
usage: configure-nginx [-a loggly auth account or subdomain] [-r to rollback]
usage: configure-nginx [-h for help]

Script Actions for configure-nginx Script

checkNginxDetails – Check if init script is present at /etc/init.d directory. If not, then exit.

4. Configure-apache script

Run the automatic configure-apache bash script below to set up rsyslog. It supports logs in the standard nginx directory for your distribution, but for virtual host support you must edit the generated file to add additional virtual hosts.

curl -O https://www.loggly.com/install/configure-apache.sh
sudo bash configure-apache.sh -a SUBDOMAIN -u USERNAME

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username

Script Usage

usage: configure-apache [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-tag filetag1,filetag2 (optional)] [-s suppress prompts {optional)]
usage: configure-apache [-a loggly auth account or subdomain] [-r to rollback]
usage: configure-apache [-h for help]

Script Actions for configure-apache Script

  1. checkApacheDetails – Check if init script is present at /etc/init.d directory. If not, then exit.
  2. checkIfSupportedApacheVersion – Check for the Apache version 2. If not, then exit.

Source Code

The configuration scripts are open source and you can review or modify their behavior as needed for your system. They are available on GitHub.

Troubleshooting Your Syslog Script Configuration