- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Supported OS
Configure Rsyslog to gather logs from your host, containers, and services.
inotify
mode. Traditionally, imfile
used polling mode, which is much more resource-intense (and slower) than inotify
mode.Activate the imfile
module to monitor specific log files. To add the imfile
module, add the following to your rsyslog.conf
:
module(load="imfile" PollingInterval="10") #needs to be done just once
Create an /etc/rsyslog.d/datadog.conf
file.
In /etc/rsyslog.d/datadog.conf
, add the following configuration and replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<APP_NAME_OF_FILE1>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%\n"
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.<site_url>" port="10514" template="DatadogFormat")
}
In /etc/rsyslog.d/datadog.conf
, add the following configuration. Replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<TAGS>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
template(name="test_template" type="list") { constant(value="{") property(name="msg" outname="message" format="jsonfr") constant(value="}")}
# include the omhttp module
module(load="omhttp")
ruleset(name="infiles") {
action(type="omhttp" server="http-intake.logs.<site_url>" serverport="443" restpath="api/v2/logs" template="test_template" httpheaders=["DD-API-KEY: <API_KEY>", "Content-Type: application/json"])
}
Restart Rsyslog. Your new logs are forwarded directly to your Datadog account.
sudo systemctl restart rsyslog
Associate your logs with the host metrics and tags.
To make sure that your logs are associated with the metrics and tags from the same host in your Datadog account, set the HOSTNAME
in your rsyslog.conf
to match the hostname of your Datadog metrics.
datadog.conf
or datadog.yaml
, replace the %HOSTNAME%
value in rsyslog.conf
to match your hostname.datadog.conf
or datadog.yaml
, you do not need to change anything.To get the best use out of your logs in Datadog, set a source for the logs.
If you forward your logs to the Datadog Agent, you can set the source in the Agent configuration file.
If you’re not forwarding your logs to the Datadog Agent, create a distinct configuration file for each source in /etc/rsyslog.d/
.
To set the source, use the following format (if you have several sources, change the name of the format in each file):
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\"] %msg%\n"
You can add custom tags with the ddtags
attribute:
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\" ddtags=\"env:dev,<KEY:VALUE>\"] %msg%\n"
(Optional) Datadog cuts inactive connections after a period of inactivity. Some versions of Rsyslog are not able to reconnect when necessary. To mitigate this issue, use time markers so the connection never stops:
Add the following lines to your Rsyslog configuration file:
$ModLoad immark
$MarkMessagePeriod 20
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo apt-get install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.datadoghq.com" port="10516" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.com" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo apt-get install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="tcp-intake.logs.datadoghq.eu" port="443" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.eu" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Activate the imfile
module to monitor specific log files. To add the imfile
module, add the following to your rsyslog.conf
:
module(load="imfile" PollingInterval="10") #needs to be done just once
Create an /etc/rsyslog.d/datadog.conf
file.
In /etc/rsyslog.d/datadog.conf
, add the following configuration and replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<APP_NAME_OF_FILE1>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%\n"
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.<site_url>" port="10514" template="DatadogFormat")
}
In /etc/rsyslog.d/datadog.conf
, add the following configuration. Replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<TAGS>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
template(name="test_template" type="list") { constant(value="{") property(name="msg" outname="message" format="jsonfr") constant(value="}")}
# include the omhttp module
module(load="omhttp")
ruleset(name="infiles") {
action(type="omhttp" server="http-intake.logs.<site_url>" serverport="443" restpath="api/v2/logs" template="test_template" httpheaders=["DD-API-KEY: <API_KEY>", "Content-Type: application/json"])
}
Restart Rsyslog. Your new logs are forwarded directly to your Datadog account.
sudo systemctl restart rsyslog
Associate your logs with the host metrics and tags:
To make sure that your logs are associated with the metrics and tags from the same host in your Datadog account, set the HOSTNAME
in your rsyslog.conf
to match the hostname of your Datadog metrics.
datadog.conf
or datadog.yaml
, replace the %HOSTNAME%
value in rsyslog.conf
to match your hostname.datadog.conf
or datadog.yaml
, you do not need to change anything.To get the best use out of your logs in Datadog, set a source for the logs.
If you forward your logs to the Datadog Agent, you can set the source in the Agent configuration file.
If you’re not forwarding your logs to the Datadog Agent, create a distinct configuration file for each source in /etc/rsyslog.d/
:
To set the source, use the following format (if you have several sources, change the name of the format in each file):
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\"] %msg%\n"
You can add custom tags with the ddtags
attribute:
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\" ddtags=\"env:dev,<KEY:VALUE>\"] %msg%\n"
(Optional) Datadog cuts inactive connections after a period of inactivity. Some versions of Rsyslog are not able to reconnect when necessary. To mitigate this issue, use time markers so the connection never stops:
Add the following two lines to your Rsyslog configuration file:
$ModLoad immark
$MarkMessagePeriod 20
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo yum install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.datadoghq.com" port="10516" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.com" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo yum install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="tcp-intake.logs.datadoghq.eu" port="443" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.eu" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Activate the imfile
module to monitor specific log files. To add the imfile
module, add the following to your rsyslog.conf
:
module(load="imfile" PollingInterval="10") #needs to be done just once
Create an /etc/rsyslog.d/datadog.conf
file.
In /etc/rsyslog.d/datadog.conf
, add the following configuration and replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<APP_NAME_OF_FILE1>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%\n"
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.<site_url>" port="10514" template="DatadogFormat")
}
In /etc/rsyslog.d/datadog.conf
, add the following configuration. Replace <site_url>
with and <API_KEY>
with your Datadog API key. You must include a separate input
line for each log file you want to monitor:
## For each file to send
input(type="imfile" ruleset="infiles" Tag="<TAGS>" File="<PATH_TO_FILE1>")
## Set the Datadog Format to send the logs
template(name="test_template" type="list") { constant(value="{") property(name="msg" outname="message" format="jsonfr") constant(value="}")}
# include the omhttp module
module(load="omhttp")
ruleset(name="infiles") {
action(type="omhttp" server="http-intake.logs.<site_url>" serverport="443" restpath="api/v2/logs" template="test_template" httpheaders=["DD-API-KEY: <API_KEY>", "Content-Type: application/json"])
}
Restart Rsyslog. Your new logs are forwarded directly to your Datadog account.
sudo systemctl restart rsyslog
Associate your logs with the host metrics and tags:
To make sure that your logs are associated with the metrics and tags from the same host in your Datadog account, set the HOSTNAME
in your rsyslog.conf
to match the hostname of your Datadog metrics.
datadog.conf
or datadog.yaml
, replace the %HOSTNAME%
value in rsyslog.conf
to match your hostname.datadog.conf
or datadog.yaml
, you do not need to change anything.To get the best use out of your logs in Datadog, set a source for the logs.
If you forward your logs to the Datadog Agent, you can set the source in the Agent configuration file.
If you’re not forwarding your logs to the Datadog Agent, create a distinct configuration file for each source in /etc/rsyslog.d/
:
To set the source, use the following format (if you have several sources, change the name of the format in each file):
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\"] %msg%\n"
You can add custom tags with the ddtags
attribute:
$template DatadogFormat,"<DATADOG_API_KEY> <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - [metas ddsource=\"<MY_SOURCE_NAME>\" ddtags=\"env:dev,<KEY:VALUE>\"] %msg%\n"
(Optional) Datadog cuts inactive connections after a period of inactivity. Some versions of Rsyslog are not able to reconnect when necessary. To mitigate this issue, use time markers so the connection never stops:
Add the following two lines to your Rsyslog configuration file:
$ModLoad immark
$MarkMessagePeriod 20
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo dnf install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="intake.logs.datadoghq.com" port="10516" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.com" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Install the rsyslog-gnutls
and ca-certificates
packages:
sudo dnf install rsyslog-gnutls ca-certificates
Add the following line to the bottom of your /etc/rsyslog.d/datadog.conf
file:
## Define the destination for the logs
$DefaultNetstreamDriverCAFile /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="tcp-intake.logs.datadoghq.eu" port="443" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.eu" )
}
Restart the Rsyslog service:
sudo systemctl restart rsyslog
Need help? Contact Datadog support.