Logentries Docs

Find comprehensive guides and documentation to help you start and continue to work with Logentries.

    

Syslog-ng

Syslog-ng is an open source implementation of syslog. You can use syslog-ng to monitor log files on your servers and forward them to Logentries. We support two methods of forwarding syslog-ng events to Logentries, which are explained below. We recommend using our Token-based input method, which brings additional security and is independent of the actual source IP address.

Token TCP

Add a new log in the Logentries UI by selecting the Manual Configuration option in the Add a Log page and selecting Token TCP. After creating the log, you will receive a TOKEN UUID, which is printed under the form and then beside the log name in the list of logs. Enter this token in place of TOKEN_HERE in the template section below and copy the full configuration to your syslog-ng config file at /etc/syslog-ng/syslog-ng.conf

# Every forwarded line is prefixed with the log token.
template logentriesTemplate {
    template("TOKEN_HERE $ISODATE $HOST $MSG\n"); template_escape(no);
};

# file() follows a regular log file; unix-stream() only reads UNIX domain sockets.
source s_all {
    internal();
    file("/var/log/error.log");
};

destination d_network_logentries {
    tcp("data.logentries.com" port(80) template(logentriesTemplate));
};

log {
    source(s_all); destination(d_network_logentries);
};

Secure Logging

To send your logs over SSL, configure syslog-ng as shown below.

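template logentriesTemplate {
    template("TOKEN_HERE $ISODATE $HOST $MSG\n"); template_escape(no);
};

# ca-dir() is the directory of trusted CA certificates used to verify the server.
destination d_network_logentries {
    network("data.logentries.com" port(443) template(logentriesTemplate) transport("tls") tls(ca-dir("/etc/ssl/certs/")));
};

# s_all is the source defined in the Token TCP configuration above.
log {
    source(s_all); destination(d_network_logentries);
};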

Plain TCP/UDP Forwarding

If you would rather use a more basic syslog approach, we support that as well. Add a new log in the Logentries UI by selecting the Manual Configuration option in the Add a Log page and selecting Plain TCP/UDP. After creating the log, you will receive a PORT number, which is printed under the form and beside the log name in the list of logs. Enter this PORT number in the destination section of the configuration below and copy the full configuration to your syslog-ng configuration file at /etc/syslog-ng/etc/syslog-ng.conf

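# file() follows a regular log file; unix-stream() only reads UNIX domain sockets.
source s_all {
    internal();
    file("/var/log/error.log");
};

# Replace PORT with the port number assigned to the log.
destination d_logentries {
    tcp("data.logentries.com" port(PORT));
};

log {
    source(s_all); destination(d_logentries);
};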

Restart

Then restart your syslog-ng server by entering the command below:

sudo service syslog-ng restart

Required in Syslog-ng 3.0+ configuration file

Every syslog-ng configuration file must begin with a line containing the version information of syslog-ng. For syslog-ng version 3.6, this line looks like:

@version: 3.6

Versioning the configuration file was introduced in syslog-ng 3.0. If the configuration file does not contain the version information, syslog-ng assumes that the file is for syslog-ng version 2.x. In this case it interprets the configuration and sends warnings about the parts of the configuration that should be updated. Version 3.0 and later will correctly operate with configuration files of version 2.x, but the default values of certain parameters have changed since 3.0. Further information regarding this requirement may be found here.
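The following check is an added example, not part of the Logentries documentation or of syslog-ng itself. It scans a syslog-ng configuration for network destinations that forward without TLS (so the token template crosses the network in cleartext), for relaxed peer-verify() settings, and for a missing @version line. The destination names d_plain and d_tls and the lint() function are assumptions made for illustration, and the parser only handles simple, unnested destination blocks.

```python
import re

# Constructed sample input (d_plain / d_tls are hypothetical names).
SAMPLE_CONF = r'''@version: 3.6
template logentriesTemplate {
    template("TOKEN_HERE $ISODATE $HOST $MSG\n"); template_escape(no);
};
destination d_plain {
    tcp("data.logentries.com" port(80) template(logentriesTemplate));
};
destination d_tls {
    network("data.logentries.com" port(443) template(logentriesTemplate)
            transport("tls") tls(ca-dir("/etc/ssl/certs/")));
};
'''

DEST = re.compile(r'\bdestination\s+([\w.-]+)\s*\{(.*?)\}\s*;', re.S)
NET = re.compile(r'\b(?:tcp6?|udp6?|network|syslog)\s*\(')
TLS = re.compile(r'transport\s*\(\s*"?tls"?\s*\)|\btls\s*\(')
TEMPLATE_REF = re.compile(r'\btemplate\s*\(\s*"?([\w.-]+)"?\s*\)')
PEER_VERIFY = re.compile(r'peer[-_]verify\s*\(\s*"?([\w-]+)"?\s*\)')

def lint(conf):
    """Return a list of (destination, finding) tuples for a syslog-ng config."""
    # Ignore full-line comments so commented-out destinations are not reported.
    lines = [l for l in conf.splitlines() if not l.lstrip().startswith('#')]
    body = '\n'.join(lines)
    findings = []
    first = next((l.strip() for l in lines if l.strip()), '')
    if not first.startswith('@version:'):
        findings.append(('<file>', 'missing @version line; parsed as 2.x'))
    for name, block in DEST.findall(body):
        if not NET.search(block):
            continue  # local file/pipe destinations are out of scope
        if not TLS.search(block):
            tmpl = TEMPLATE_REF.search(block)
            used = tmpl.group(1) if tmpl else '(default format)'
            findings.append((name, f'no TLS; template {used} is sent in cleartext'))
            continue
        verify = PEER_VERIFY.search(block)
        if verify and verify.group(1) not in ('required-trusted', 'yes'):
            findings.append((name, f'peer-verify({verify.group(1)}) is weaker than required-trusted'))
    return findings

if __name__ == '__main__':
    for dest, finding in lint(SAMPLE_CONF):
        print(f'{dest}: {finding}')
```

To check a real file, pass its contents to lint(), for example lint(open('/etc/syslog-ng/syslog-ng.conf').read()).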
