syslog_ng

Supported OS: Linux Windows

Overview

Configure Syslog-ng to gather logs from your host, containers, & services.

Setup

Log collection

For the Datadog US site:

  1. To collect system logs and log files, make sure the source is correctly defined in /etc/syslog-ng/syslog-ng.conf:

    source s_src {
        system();
        internal();
    };

    If you want to monitor files, add the following source:

    #########################
    # Sources
    #########################
    
    ...
    
    source s_files {
        file("path/to/your/file1.log",flags(no-parse),follow_freq(1),program_override("<program_name_file1>"));
        file("path/to/your/file2.log",flags(no-parse),follow_freq(1),program_override("<program_name_file2>"));
    };
  2. Set the correct log format:

    #########################
    # Destination
    #########################
    
    ...
    
    # For Datadog platform:
    template DatadogFormat { template("YOURAPIKEY <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n"); };
    destination d_datadog { tcp("intake.logs.datadoghq.com" port(10514) template(DatadogFormat)); };
  3. Define the output in the path section:

    #########################
    # Log Path
    #########################
    
    ...
    
    log { source(s_src); source(s_files); destination(d_datadog); };
  4. (Optional) TLS Encryption:

    • Download the CA certificate:

      sudo apt-get install ca-certificates
    • Change the definition of the destination to the following:

      destination d_datadog { tcp("intake.logs.datadoghq.com" port(10516) tls(peer-verify(required-untrusted)) template(DatadogFormat)); };

    More information about the TLS parameters available in syslog-ng can be found in the official syslog-ng documentation.

  5. Restart syslog-ng.

For the Datadog EU site:

  1. To collect system logs and log files, make sure the source is correctly defined in /etc/syslog-ng/syslog-ng.conf:

    source s_src {
        system();
        internal();
    };

    If you want to monitor files, add the following source:

    #########################
    # Sources
    #########################
    
    ...
    
    source s_files {
        file("path/to/your/file1.log",flags(no-parse),follow_freq(1),program_override("<program_name_file1>"));
        file("path/to/your/file2.log",flags(no-parse),follow_freq(1),program_override("<program_name_file2>"));
    };
  2. Set the correct log format:

    #########################
    # Destination
    #########################
    
    ...
    
    # For Datadog platform
    template DatadogFormat { template("YOURAPIKEY <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n"); };
    destination d_datadog { tcp("tcp-intake.logs.datadoghq.eu" port(1883) template(DatadogFormat)); };
  3. Define the output in the path section:

    #########################
    # Log Path
    #########################
    
    ...
    
    log { source(s_src); source(s_files); destination(d_datadog); };
  4. (Optional) TLS Encryption:

    • Download the CA certificate:

      sudo apt-get install ca-certificates
    • Change the definition of the destination to the following:

      destination d_datadog { tcp("tcp-intake.logs.datadoghq.eu" port(443) tls(peer-verify(required-untrusted)) template(DatadogFormat)); };

    More information about the TLS parameters available in syslog-ng can be found in the official syslog-ng documentation.

  5. Restart syslog-ng.
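
The TLS destination in step 4 (US and EU) uses `peer-verify(required-untrusted)`, which makes syslog-ng require a certificate from the server but accept it without validating it against any CA, so the bundle installed by `ca-certificates` is never consulted. The fragment below is an added example, not Datadog's own configuration: it shows that setting beside a verifying one, and assumes a Debian/Ubuntu host where `/etc/ssl/certs` is the hashed CA directory.

```conf
# Added example (not from the original page). Assumption: Debian/Ubuntu,
# where the ca-certificates package populates /etc/ssl/certs.

# Weak, as written in step 4: the server must present a certificate, but it
# is accepted even if it does not chain to a trusted CA. A party that can
# intercept the connection can terminate TLS itself and read every line,
# including the API key that DatadogFormat places at the start of each one.
#
# destination d_datadog {
#     tcp("intake.logs.datadoghq.com" port(10516)
#         tls(peer-verify(required-untrusted))
#         template(DatadogFormat));
# };

# Verifying: the certificate must chain to a CA found in ca-dir(); otherwise
# the handshake fails and no log line (and no API key) leaves the host.
destination d_datadog {
    tcp("intake.logs.datadoghq.com" port(10516)
        tls(
            peer-verify(required-trusted)
            ca-dir("/etc/ssl/certs")
        )
        template(DatadogFormat));
};

# EU site: same tls() block with the host and port from the EU instructions.
#
# destination d_datadog {
#     tcp("tcp-intake.logs.datadoghq.eu" port(443)
#         tls(peer-verify(required-trusted) ca-dir("/etc/ssl/certs"))
#         template(DatadogFormat));
# };

# Without step 4 at all (ports 10514 / 1883), the same template sends the
# API key and the log contents over plain TCP.
```

Run `syslog-ng --syntax-only` to check the edited file before restarting the service.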

Troubleshooting

Need help? Contact Datadog support.