
Use Observability Pipelines' rsyslog or syslog-ng source to receive logs sent to rsyslog or syslog-ng. Select and set up this source when you set up a pipeline.

You can also forward third-party logs to syslog, which are then sent to the Observability Pipelines Worker.

Prerequisites

To use Observability Pipelines’ Syslog source, your applications must be sending data in one of the following formats: RFC 6587, RFC 5424, RFC 3164. You also need to have the following information available:

  1. The bind address that your Observability Pipelines Worker (OPW) will listen on to receive logs from your applications. For example, 0.0.0.0:8088. Later on, you configure your applications to send logs to this address.
  2. The appropriate TLS certificates and the password you used to create your private key if your forwarders are globally configured to enable SSL.

Set up the source in the pipeline UI

Select and set up this source when you set up a pipeline. The information below is for the source settings in the pipeline UI.

To configure your Syslog source:

  1. In the Socket Type dropdown menu, select the communication protocol you want to use: TCP or UDP.
  2. Optionally, toggle the switch to enable TLS. If you enable TLS, the following certificate and key files are required.
    Note: All file paths are made relative to the configuration data directory, which is /var/lib/observability-pipelines-worker/config/ by default. See Advanced Configurations for more information. The file must be owned by the observability-pipelines-worker group and observability-pipelines-worker user, or at least readable by the group or user.
    • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) Root File in DER or PEM (X.509) format.
    • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) Root File in DER or PEM (X.509) format.
    • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path in DER or PEM (PKCS#8) format.

Send logs to the Observability Pipelines Worker over syslog

rsyslog

To send rsyslog logs to the Observability Pipelines Worker, update your rsyslog config file:

ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="<OPW_HOST>" port="<OPW_PORT>")
}

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker.

  • For CloudFormation installs, the LoadBalancerDNS CloudFormation output has the correct URL to use.
  • For Kubernetes installs, the internal DNS record of the Observability Pipelines Worker service can be used, for example opw-observability-pipelines-worker.default.svc.cluster.local.

syslog-ng

To send syslog-ng logs to the Observability Pipelines Worker, update your syslog-ng config file:

destination obs_pipelines {
  http(
      url("<OPW_HOST>")
      method("POST")
      body("<${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n")
  );
};

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker.

  • For CloudFormation installs, the LoadBalancerDNS CloudFormation output has the correct URL to use.
  • For Kubernetes installs, the internal DNS record of the Observability Pipelines Worker service can be used, for example opw-observability-pipelines-worker.default.svc.cluster.local.

Forward third-party logs to the Observability Pipelines Worker

Syslog is a widely used logging protocol for sending network logs to a central server. Many network devices support syslog output, so you can forward third-party logs to the Observability Pipelines syslog source for processing and routing. Examples of these third-party services include:

Fortinet

Palo Alto Networks