Overview

Configure Syslog-ng to gather logs from your host, containers, & services.

Setup

Log collection

1. Collect system logs and log files in /etc/syslog-ng/syslog-ng.conf and make sure the source is correctly defined:

   source s_src {
   system();
   internal();
   
   };
   

   If you want to monitor files, add the following source:

   #########################
   # Sources
   #########################
   
   ...
   
   source s_files {
   file("path/to/your/file1.log",flags(no-parse),follow_freq(1),program_override("<program_name_file1>"));
   file("path/to/your/file2.log",flags(no-parse),follow_freq(1),program_override("<program_name_file2>"));
   
   };
   

2. Set the correct log format:

   #########################
   # Destination
   #########################
   
   ...
   
   # For Datadog platform:
   destination d_datadog {
     http(
         url("https://http-intake.logs./api/v2/logs?ddsource=<SOURCE>&ddtags=<TAG_1:VALUE_1,TAG_2:VALUE_2>")
         method("POST")
         headers("Content-Type: application/json", "Accept: application/json", "DD-API-KEY: <DATADOG_API_KEY>")
         body("<${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n")
     );
   };
   

3. Define the output in the path section:

   #########################
   # Log Path
   #########################
   
   ...
   
   log { source(s_src); source(s_files); destination(d_datadog); };
   

4. Restart syslog-ng.

Troubleshooting

Need help? Contact Datadog support.