Linux Syslog

You can configure Linux to send logs to Loggly through the default syslog daemon installed with your distribution, so there are no proprietary agents needed. This guide will configure your system to send the standard Linux system logs, and offer a foundation to monitor file and application logs.

This Linux logging guide assumes you have sudo access, you’re on a common Linux distribution with rsyslog 5.8 or higher that receives local system logs, and port 514 is open to outbound connections. If you have different requirements, please see the Advanced Options below.

Linux Logging Setup

  1. Configure Syslog Daemon

    Run our automatic Configure-Syslog script below to set up rsyslog. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.

    curl -O https://www.loggly.com/install/configure-linux.sh
    sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME

    Replace:

    • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
    • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

    You will need to enter your system root password so it can update your rsyslog configuration. It will then prompt for your Loggly password.

  2. Send A Test Event

    Use logger to send a test event to Loggly.

    logger 'Hello World!'

  3. Verify

    Search Loggly over the past 30 minutes to find your logs. It may take a few minutes to index them. If you don’t see them, check the troubleshooting section below.

    Click on one of the Linux logs to show a list of syslog fields. If you don’t see them, please check that you are using one of our automatically parsed formats.

  4. Next Steps

Advanced Linux Logging Options

  • Rsyslog TLS config – securely send sensitive data using TLS encryption
  • Switch to UDP logging by using a single “@” instead of “@@” in the *.* @@logs-01.loggly.com:514;LogglyFormat line in the 22-loggly.conf file.
  • The default maximum supported message size is 8K. Use the $MaxMessageSize parameter in the /etc/rsyslog.conf file to handle messages larger than 8K.
  • Systemd logs – send logs from Linux distributions that have systemd or journald
  • Scrub Sensitive Data – scrub private or secure data before it leaves your network
  • Use Puppet to configure syslog on many nodes
  • Streaming syslog
  • Joyent or SmartOS Containers – the config file is stored in /opt/local/etc/rsyslog.conf
  • Search or post your own Linux logs questions in the community forum.
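
The following shell script is an added example, not part of Loggly's configure-linux.sh: it checks the rsyslog 5.8 minimum this guide assumes and reports whether each forwarding rule uses TCP (“@@”) or UDP (“@”). The sample config is constructed, the function names are hypothetical, and the config file path is taken as an argument rather than assumed.

```shell
#!/bin/sh
# Added example (not Loggly's script): verify this guide's assumptions on a host.

# Succeeds when rsyslog version $1 (e.g. "8.2102.0") meets the guide's 5.8 minimum;
# returns 1 when it is older and 2 when it cannot be parsed.
rsyslog_version_ok() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}            # digits up to the next separator
    case "$major.$minor" in
        *[!0-9.]*|.*|*.) return 2 ;;  # not a dotted numeric version
    esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }
}

# Reads legacy-syntax rsyslog config on stdin and prints "<transport> <host:port>"
# for every forwarding rule: "@@" is TCP, a single "@" is UDP.
list_forwards() {
    while read -r selector action rest; do
        case $selector in '#'*) continue ;; esac   # skip comments
        case $action in
            @@*) proto=tcp; dest=${action#@@} ;;
            @*)  proto=udp; dest=${action#@} ;;
            *)   continue ;;                       # local file or other action
        esac
        printf '%s %s\n' "$proto" "${dest%%;*}"    # drop the ";Template" suffix
    done
}

# Constructed sample: the forwarding line quoted in this guide, its UDP variant,
# and a local-file rule that must be ignored.
sample_conf='# constructed sample, not a real 22-loggly.conf
auth.* /var/log/auth.log
*.* @@logs-01.loggly.com:514;LogglyFormat
*.* @logs-01.loggly.com:514;LogglyFormat'
printf '%s\n' "$sample_conf" | list_forwards

# On a real host: check the installed daemon, then any config file given as $1.
if command -v rsyslogd >/dev/null 2>&1; then
    v=$(rsyslogd -v | awk 'NR==1 {print $2}')
    if rsyslog_version_ok "$v"; then echo "rsyslog $v: ok"
    else echo "rsyslog $v: older than 5.8 or unparsable"; fi
fi
if [ -r "${1:-}" ]; then list_forwards <"$1"; fi
```

UDP forwarding is unacknowledged, so a rule reported as udp can lose events without any local error.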

Troubleshooting Linux Syslog
