
Overview

Network Device Monitoring (NDM) uses Syslog to provide visibility into the health and performance of your network infrastructure. By integrating your network devices with Datadog through Syslog, you can collect and analyze log data, monitor device behavior, troubleshoot issues, and maintain network stability.

Prerequisites

  • Datadog Agent version 7.57 or later installed and running on a host that can receive Syslog messages from your network devices.
  • Network devices configured to send Syslog messages either directly to the Datadog Agent, or through a proxy that forwards messages to the Datadog Agent.

Configuration

Linux

  1. Ensure the following settings are enabled in your /etc/datadog-agent/datadog.yaml file:

    logs_enabled: true # enable logs collection
    logs_config:
      use_sourcehost_tag: true # adds a source_host tag to logs with the source IP
    
  2. Create a Syslog listener configuration:

    • In /etc/datadog-agent/conf.d/, create a directory called syslog.d/.

    • In syslog.d/, create a file named conf.yaml with the following:

      logs:
        - type: syslog
          port: 514
          protocol: udp
          source: syslog
          service: <service> # optional tag
      
      • port: The port the Agent listens on for Syslog messages. Default is 514.
      • protocol: Set to udp or tcp based on your device configuration.
      • source: Custom source name for these logs in Datadog. Use syslog to correlate with NDM devices.
      • service: Optional service name for unified service tagging.
  3. Restart the Datadog Agent to apply the changes.

    sudo systemctl restart datadog-agent
    
Windows

  1. Ensure the following settings are enabled in your C:\ProgramData\Datadog\datadog.yaml file:

    logs_enabled: true # enable logs collection
    logs_config:
      use_sourcehost_tag: true # adds a source_host tag to logs with the source IP
    
  2. Create a Syslog listener configuration:

    • In C:\ProgramData\Datadog\conf.d\, create a directory called syslog.d/.

    • In syslog.d/, create a file named conf.yaml with the following:

      logs:
        - type: syslog
          port: 514
          protocol: udp
          source: syslog
          service: <service> # optional tag
      
      • port: The port the Agent listens on for Syslog messages. Default is 514.
      • protocol: Set to udp or tcp based on your device configuration.
      • source: Custom source name for these logs in Datadog. Use syslog to correlate with NDM devices.
      • service: Optional service name for unified service tagging.
  3. Restart the Datadog Agent service from the Services console to apply the changes.

Docker

  1. Ensure the following settings are enabled in your /etc/datadog-agent/datadog.yaml file in your Docker volume:

    logs_enabled: true # enable logs collection
    logs_config:
      use_sourcehost_tag: true # adds a source_host tag to logs with the source IP
    
  2. Create a Syslog listener configuration:

    • Mount a volume to /etc/datadog-agent/conf.d/ and create a directory called syslog.d/.

    • In syslog.d/, create a file named conf.yaml with the following:

      logs:
        - type: syslog
          port: 514
          protocol: udp
          source: syslog
          service: <service> # optional tag
      
      • port: The port the Agent listens on for Syslog messages. Default is 514.
      • protocol: Set to udp or tcp based on your device configuration.
      • source: Custom source name for these logs in Datadog. Use syslog to correlate with NDM devices.
      • service: Optional service name for unified service tagging.
  3. Restart the Docker container where the Agent is installed to apply the changes.

Log parsing

After you complete the above steps, Syslog can start sending log data to Datadog. To ensure NDM correctly associates these logs with your monitored network devices, set up a custom log parsing pipeline that populates the syslog_ip tag with each device’s source IP address.

Note: NDM associates logs with devices when source:syslog AND the syslog_ip tag matches one of the device’s IP addresses.

Choose the appropriate scenario based on your network configuration:

When network devices send Syslog messages directly to the Datadog Agent, the Agent’s use_sourcehost_tag: true setting automatically adds a source_host tag containing the sender’s IP address.

To create the syslog_ip tag, remap the source_host tag using a Log Processing Pipeline:

  1. In Datadog, navigate to Logs > Log Configuration > Pipelines.
  2. Create a pipeline or select an existing one.
  3. Add a Log Remapper processor with the following configuration:
    • Source of the tag: source_host
    • Target tag: syslog_ip

When network devices send Syslog through a proxy (such as rsyslog or syslog-ng), the source_host tag reflects the proxy’s IP address instead of the original device’s IP.

To create the syslog_ip tag:

  1. Configure the proxy to include the original source IP in the Syslog message payload.
    • rsyslog example: Use a template like $template CustomFormat,"%fromhost-ip% %msg%\n" to prepend the source IP to each message.
  2. Create a Log Processing Pipeline to extract and map the IP address:
    1. In Datadog, navigate to Logs > Log Configuration > Pipelines.
    2. Create a pipeline or select an existing one.
    3. Add a Grok Parser processor to extract the IP address from the message into a temporary attribute (for example, @temp_ip).
    4. Add a Log Remapper processor with the following configuration:
      • Source of the attribute: @temp_ip (or your chosen attribute name)
      • Target tag: syslog_ip
      • Preserve source attribute: Uncheck this option to remove the temporary attribute
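
The two scenarios above can be checked offline before building the pipeline. The following is an added example, not Datadog code: a local Python model of the remap/extract steps and of the association rule in the note, showing why remapping source_host in the proxy case tags logs with the proxy's IP. The function names, the log dictionary shape and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Payload shape from the rsyslog template "%fromhost-ip% %msg%\n":
# the first whitespace-delimited token is the original sender's IP.
PREFIX = re.compile(r"^(?P<ip>\S+)\s+(?P<msg>.*)$", re.DOTALL)


def extract_temp_ip(message):
    """Grok step (proxy case): return (temp_ip, rest); temp_ip is None when
    the message does not start with a valid IPv4/IPv6 address."""
    m = PREFIX.match(message.rstrip("\n"))
    if m:
        try:
            ipaddress.ip_address(m.group("ip"))
            return m.group("ip"), m.group("msg")
        except ValueError:
            pass
    return None, message.rstrip("\n")


def add_syslog_ip(log, via_proxy):
    """Remapper step: set the syslog_ip tag from source_host (direct case)
    or from the extracted prefix (proxy case). Hypothetical helper."""
    tags = dict(log["tags"])
    message = log["message"].rstrip("\n")
    if via_proxy:
        ip, message = extract_temp_ip(log["message"])
    else:
        ip = tags.get("source_host")
    if ip is not None:
        tags["syslog_ip"] = ip
    return {"message": message, "tags": tags}


def matches_device(log, device_ips):
    """Association rule from the note: source:syslog AND syslog_ip is one of
    the device's IP addresses."""
    tags = log["tags"]
    return tags.get("source") == "syslog" and tags.get("syslog_ip") in device_ips


# Constructed sample: device 198.51.100.7 logging through a proxy at 192.0.2.10.
DEVICE_IPS = ["198.51.100.7"]
PROXIED = {"message": "198.51.100.7 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down\n",
           "tags": {"source": "syslog", "source_host": "192.0.2.10"}}

if __name__ == "__main__":
    print(matches_device(add_syslog_ip(PROXIED, via_proxy=True), DEVICE_IPS))
    print(matches_device(add_syslog_ip(PROXIED, via_proxy=False), DEVICE_IPS))
```

A message that arrives without a valid leading IP gets no syslog_ip tag in this model, so it is never associated with a device; such logs are worth searching for when validating the proxy template.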

For more information, see the Datadog Log Pipelines documentation.

Verify Syslog messages

After your network devices are configured and the Datadog Agent is running, you can verify that Syslog data is being collected and sent to Datadog:

  1. Navigate to the Log Explorer in your Datadog account.

  2. In the search bar, filter by source:syslog (or whatever source you specified in your conf.yaml file). You should see your network device Syslog messages appearing in the Log Explorer.

  3. Verify syslog_ip: Ensure that the syslog_ip tag is present and correctly populated with the network device’s IP address for each relevant log entry.

    (Screenshot: Log Explorer, filtering by `source:syslog`, highlighting the `syslog_ip` tag on the side panel.)
  4. Optionally, to observe Syslog messages in NDM, navigate to Infrastructure > Network Devices.

    • Select a device that is configured to send Syslog messages.
    • In the device side panel, click the Syslog tab to view your Syslog messages:
    (Screenshot: Network Device Monitoring side panel, highlighting the Syslog tab.)
