Logging from *nix

[obsolete]

What is Syslog?

If you're running a *nix server, chances are that it already has some form of syslog running.  Syslog is the standard for logging data on a *nix machine.  Most applications are configured to send their log output to syslog.  There are a few different flavors of syslog, so read on to figure out what you've got and how to configure it to send your syslog logs to Loggly.

We have way too many ways to accept log files from applications running on your *nix platform.  If you want to keep it simple, have your applications log locally to your local syslog and then configure your syslog server to forward to Loggly.

Do I have Syslog?

You can check which logging service you are running (on most Linux-based systems) by checking your process list from the command line:

$ ps -ax |grep yslog

What version of Syslog do you recommend?

Both rsyslog and syslog-ng are great solutions for forwarding logs. Each has its advantages. Loggly recommends installing syslog-ng to monitor logs on your server, especially if you need to monitor files which normally don't make their way into syslog. If you don't have a preference for a logging solution, you should follow the instructions on the syslog-ng Installation page to start logging to us.

Configuring Syslog based servers

Installed solutions for logging vary widely. Oftentimes, you may find your syslog server is running an older, less feature-rich version than what you need to get the most out of Loggly. The following table documents the different syslog-based servers and the features they support. You can use the links to jump to the configuration page for that particular server.

syslog-ng

Syslog Server  Version  Platform     UDP Forwarding  TCP Forwarding  Custom Ports  File Monitoring
syslog-ng      2.x      All          Yes             Yes             Yes           No
syslog-ng      3.x      All          Yes             Yes             Yes           Yes

Other Syslogs

Syslog Server  Version  Platform     UDP Forwarding  TCP Forwarding  Custom Ports  File Monitoring
syslogd        All      BSD Systems  Yes             Yes             Yes           No
syslogd        All      OSX          Yes             No              Yes           No
syslogd        All      Linux        Yes             No              No            No
rsyslog        5.6.0    All          Yes             Yes             Yes           Yes
nxlog                   Windows      Yes             Yes             Yes           Yes

Forward via TCP on Syslog

Remember, plain ol' syslog servers don't support TCP. You'll need to use either rsyslog or syslog-ng. To send us data via TCP, create a TCP input in your Loggly account. Navigate to the Incoming Data tab, and then click the add input button. Name your input and give it a description.

Edit your syslogd.conf file, usually found in /etc/syslogd.conf, and add the following line at the bottom of the file:

*.* @@logs.loggly.com:[PORT]

Note: The TCP protocol is defined with the two @@ signs.

Be sure you use the correct port from the input you created! After you've saved the configuration file, you'll need to restart syslog. A simple cross-platform way to do this is by getting a process list, then sending a HUP signal to the process ID:

sh-3.2# ps -ax |grep syslog
15 ?? 0:00.49 /usr/sbin/syslogd
sh-3.2# kill -HUP 15

Checking Your Configuration

You should now be able to test sending events to us by using the command line tool logger:

$ logger -t test "i'd rather be playing minecraft than writing docs!"

Jump into the shell, and do a search for part of the event you just sent us:

$ search minecraft

For more information, see the rsyslog and syslog-ng pages.

 

Forward via UDP on Syslog

To send us data over UDP with syslog, you'll need to create a UDP input in your Loggly account. Warning: UDP is an unreliable protocol. It gives no assurances that your logs will actually be delivered to Loggly. This is why we recommend using TCP whenever possible.

Navigate to the Incoming Data tab, and then click the add input button. Name your input and give it a description. Then add the following line at the bottom of your syslogd.conf file:

*.* @logs.loggly.com:[PORT]

Be sure you use the correct port from the input you created! After you've saved the configuration file, you'll need to restart syslog. A simple cross-platform way to do this is by getting a process list, then sending a HUP signal to the process ID:

sh-3.2# ps -ax |grep syslog
15 ?? 0:00.49 /usr/sbin/syslogd
sh-3.2# kill -HUP 15

Checking Your Configuration

You should now be able to test sending events to us by using the command line tool logger:

$ logger -t test "i'd rather be playing minecraft than writing docs!"

Jump into the shell, and do a search for part of the event you just sent us:

$ search minecraft

For more information, see the rsyslog and syslog-ng pages.

Checking Your Configuration

You should now be able to test sending events to us by using the command line tool logger (man logger for additional info on this utility):

$ logger -t test I\'d rather be playing minecraft than writing docs!

Jump into the shell, and do a search for part of the event you just sent us:

$ search minecraft
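
The following is an added example, not part of the original Loggly documentation: a shell helper that lists the forwarding rules in a syslog.conf-style file and labels each as TCP (@@) or UDP (@), so you can confirm which rules rely on the unreliable transport. The function names, the sample file and the ports 12345 and 54321 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit forwarding rules in a syslog.conf-style file.
# Per the page, "@@host:port" forwards over TCP and "@host:port" over UDP.

# list_forwards FILE -> prints "transport selector host port" per forwarding rule
list_forwards() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }   # skip comments, blank lines, non-rules
        $2 ~ /^@/ {
            action = $2
            transport = "udp"
            if (action ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", action) }
            else                { sub(/^@/, "", action) }
            host = action
            port = "default"           # no explicit port given in the rule
            n = split(action, parts, ":")
            if (n == 2) { host = parts[1]; port = parts[2] }
            print transport, $1, host, port
        }
    ' "$1"
}

# count_udp FILE -> number of rules that forward over UDP (delivery not assured)
count_udp() {
    list_forwards "$1" | awk '$1 == "udp" { c++ } END { print c + 0 }'
}

# Constructed sample config; 12345 and 54321 stand in for your input's [PORT].
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# local logging
auth.*    /var/log/auth.log
*.*       @@logs.loggly.com:12345
#*.*      @old.example.com:514
mail.*    @logs.loggly.com:54321
EOF

list_forwards "$sample_conf"
echo "UDP rules: $(count_udp "$sample_conf")"
```

Point list_forwards at your own configuration file to see which destinations receive logs and over which transport before you restart syslog.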