Send Systemd Logs to Loggly

You can configure systemd or journald to send logs to Loggly using your default syslog daemon, so no proprietary agents are needed. This guide configures your system to send the standard systemd logs and offers a foundation for monitoring file and application logs.

This systemd logging guide assumes you have sudo access, you are on a systemd-supported Linux distribution with rsyslog 5.8 or higher that receives local systemd logs, and port 514 is open to outbound connections. If you have different requirements, please see the Advanced Options below.

Logging Setup

  1. Configure Syslog Daemon

    Run our automatic Configure-Syslog script below to set up rsyslog. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.

    curl -O https://www.loggly.com/install/configure-linux.sh
    sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME

    Replace:

    • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
    • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

    You will need to enter your system root password so the script can update your rsyslog configuration. It will then prompt for your Loggly password.

  2. Configure journald

    Open the /etc/systemd/journald.conf file and uncomment the following line to send logs to syslog.

    ForwardToSyslog=Yes

  3. Restart journald

    Copy and paste the following command into a terminal to restart systemd-journald.

    systemctl restart systemd-journald

  4. Verify Events

    Search Loggly over a recent time range for logs with appName as journal. It may take a few minutes to index them. If you don’t see them, check the troubleshooting section below.

    syslog.appName:"journal"

    Click on one of the logs to show a list of journal fields.
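
If no journal events show up, a quick local check is whether the ForwardToSyslog line in the journald step is really uncommented and sits in the [Journal] section. The script below is an added example, not part of Loggly's tooling; the function name and the sample file are hypothetical. It assumes journald skips boolean values it cannot parse, and it reads a single file only, not drop-ins under journald.conf.d.

```shell
#!/usr/bin/env bash
# Added example: report the effective ForwardToSyslog setting in a
# journald.conf-style file. Names and sample data are constructed.

# Prints "enabled", "disabled" or "unset" for the file given as $1.
# Only uncommented assignments inside [Journal] count; the last one wins.
forward_to_syslog_state() {
    awk '
        # Lines starting with # or ; are comments (the stock file ships
        # with the setting commented out).
        /^[ \t]*[#;]/ { next }
        # Track which section we are in.
        /^[ \t]*\[/ {
            in_journal = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/)
            next
        }
        in_journal && /^[ \t]*ForwardToSyslog[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "ForwardToSyslog="
            sub(/[ \t]+$/, "", val)         # drop trailing whitespace
            val = tolower(val)              # systemd booleans ignore case
            if (val ~ /^(1|yes|y|true|t|on)$/) state = "enabled"
            else if (val ~ /^(0|no|n|false|f|off)$/) state = "disabled"
            # Anything else is skipped (assumption: journald ignores it).
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Constructed sample: the commented-out stock line followed by the
# edited line from the journald step.
sample=$(mktemp)
printf '%s\n' '[Journal]' '#ForwardToSyslog=no' 'ForwardToSyslog=Yes' > "$sample"
forward_to_syslog_state "$sample"    # prints: enabled
rm -f "$sample"
```

On a real host, call the function with /etc/systemd/journald.conf; "unset" means the line is still commented out and the distribution's built-in default applies.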

Advanced Systemd Logging Options

Troubleshooting Linux Syslog
