For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/integrations/syslog_ng.md. A documentation index is available at /llms.txt.

syslog_ng

Supported OS Linux Windows

To find out if this integration is available in your organization, see your Datadog Integrations page or ask your organization administrator.

To initiate an exception request to enable this integration for your organization, email support@ddog-gov.com.

Overview

Configure Syslog-ng to gather logs from your host, containers, & services.

Setup

Log collection

  1. Collect system logs and log files in /etc/syslog-ng/syslog-ng.conf and make sure the source is correctly defined:

    source s_src {
system();
internal();

};

    If you want to monitor files, add the following source:

    #########################
# Sources
#########################

...

source s_files {
file("path/to/your/file1.log",flags(no-parse),follow_freq(1),program_override("<program_name_file1>"));
file("path/to/your/file2.log",flags(no-parse),follow_freq(1),program_override("<program_name_file2>"));

};

  2. Set the correct log format:

    #########################
# Destination
#########################

...

# For Datadog platform:
destination d_datadog {
  http(
      url("https://http-intake.logs./api/v2/logs?ddsource=<SOURCE>&ddtags=<TAG_1:VALUE_1,TAG_2:VALUE_2>")
      method("POST")
      headers("Content-Type: application/json", "Accept: application/json", "DD-API-KEY: <DATADOG_API_KEY>")
      body("<${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n")
  );
};

  3. Define the output in the path section:

    #########################
# Log Path
#########################

...

log { source(s_src); source(s_files); destination(d_datadog); };

  4. Restart syslog-ng.

Troubleshooting

Need help? Contact Datadog support.