syslog_ng
Overview

Configure Syslog-ng to gather logs from your host, containers, & services.

Setup

Log collection

Log collection is not supported for the Datadog site .

Collect system logs and log files in /etc/syslog-ng/syslog-ng.conf and make sure the source is correctly defined:
source s_src {
    system();
    internal();
};
If you want to monitor files, add the following source:
#########################
# Sources
#########################
...
source s_files {
    file("path/to/your/file1.log",flags(no-parse),follow_freq(1),program_override("<program_name_file1>"));
    file("path/to/your/file2.log",flags(no-parse),follow_freq(1),program_override("<program_name_file2>"));
};
Set the correct log format:
#########################
# Destination
#########################
...
# For Datadog platform:
template DatadogFormat { template("YOURAPIKEY <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n"); };
destination d_datadog { tcp("intake.logs.datadoghq.com" port(10514) template(DatadogFormat)); };
Define the output in the path section:
#########################
# Log Path
#########################
...
log { source(s_src); source(s_files); destination(d_datadog); };
(Optional) TLS Encryption:
More information about the TLS parameters and possibilities is available in the syslog-ng Open Source Edition Administration Guide.
(Optional) Set the source on your logs. To set the source, use the following format (if you have several sources, change the name of the format in each file):
template DatadogFormat { template("<API_KEY> <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} [metas@0 ddsource=\"test\"] $MSG\n"); };
You can also add custom tags with the ddtags attribute:
template DatadogFormat { template("<API_KEY> <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} [metas@0 ddsource=\"test\" ddtags=\"env:test,user:test_user,<KEY:VALUE>\"] $MSG\n"); };
Restart syslog-ng.
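The d_datadog destination above uses tcp() with no tls() block, and the template places the API key at the start of every message, so unless the optional TLS step is applied the key travels unencrypted. The following check is an added example, not part of Datadog's or syslog-ng's tooling: it flags network destinations that reference a key-prefixed template without tls(). The sample configs are constructed, `<TLS_PORT>` is a placeholder, the tls() options shown are generic syslog-ng syntax, and the regex parsing assumes named templates laid out as on this page.

```python
import re

# Constructed sample configs. <API_KEY> and <TLS_PORT> are placeholders; the tls()
# options are generic syslog-ng syntax and are an assumption, not this page's config.
PLAINTEXT_CONF = r'''
# Destination
template DatadogFormat { template("<API_KEY> <${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n"); };
destination d_datadog { tcp("intake.logs.datadoghq.com" port(10514) template(DatadogFormat)); };
destination d_local { file("/var/log/all.log"); };
'''
TLS_CONF = PLAINTEXT_CONF.replace(
    "port(10514)", "port(<TLS_PORT>) tls(peer-verify(required-trusted))")

TEMPLATE_RE = re.compile(r'template\s+(\w+)\s*\{\s*template\(\s*"((?:[^"\\]|\\.)*)"', re.S)
DEST_RE = re.compile(r'destination\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
NET_RE = re.compile(r'\b(tcp6?|network|syslog)\(\s*"([^"]+)"')
# A non-blank token in front of <${PRI}> is where the page's template puts the API key.
KEY_PREFIX_RE = re.compile(r'^\s*\S+\s+<\$\{?PRI\}?>')


def audit(conf):
    """Return one finding per network destination that ships a key-bearing
    template without a tls() block."""
    # Drop full-line comments so commented-out statements are not audited.
    conf = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    templates = dict(TEMPLATE_RE.findall(conf))
    findings = []
    for name, body in DEST_RE.findall(conf):
        net = NET_RE.search(body)
        if not net:
            continue  # file(), pipe() and similar drivers stay on the host
        ref = re.search(r'\btemplate\(\s*"?(\w+)"?\s*\)', body)
        text = templates.get(ref.group(1), "") if ref else ""
        port = re.search(r'\bport\(([^)]*)\)', body)
        if KEY_PREFIX_RE.match(text) and not re.search(r'\btls\s*\(', body):
            findings.append({
                "destination": name,
                "driver": net.group(1),
                "host": net.group(2),
                "port": port.group(1) if port else None,
            })
    return findings

if __name__ == "__main__":
    for f in audit(PLAINTEXT_CONF):
        print("plaintext destination carrying API key:", f)
    print("findings after adding tls():", audit(TLS_CONF))
```

Run it against the real file with `audit(open("/etc/syslog-ng/syslog-ng.conf").read())`; an empty list means no key-prefixed template is bound to a network destination that lacks tls().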
Troubleshooting

Need help? Contact Datadog support.