
Use Observability Pipelines’ rsyslog or syslog-ng source to receive logs sent to rsyslog or syslog-ng. Select and set up this source when you set up a pipeline.

You can also forward third-party logs to syslog and then send them to the Observability Pipelines Worker.

Prerequisites

To use Observability Pipelines’ Syslog source, your applications must be sending data in one of the following formats: RFC 6587, RFC 5424, RFC 3164. You also need to have the following information available:

  1. The bind address that your Observability Pipelines Worker (OPW) will listen on to receive logs from your applications. For example, 0.0.0.0:8088. Later on, you configure your applications to send logs to this address.
  2. The appropriate TLS certificates and the password you used to create your private key if your forwarders are globally configured to enable SSL.

Set up the source in the pipeline UI

Select and set up this source when you set up a pipeline. The information below is for the source settings in the pipeline UI.

To configure your Syslog source:

  1. In the Socket Type dropdown menu, select the communication protocol you want to use: TCP or UDP.
  2. Optionally, toggle the switch to enable TLS. If you enable TLS, the following certificate and key files are required.
    Note: All file paths are made relative to the configuration data directory, which is /var/lib/observability-pipelines-worker/config/ by default. See Advanced Configurations for more information. The file must be owned by the observability-pipelines-worker group and observability-pipelines-worker user, or at least readable by the group or user.
    • Server Certificate Path: The path to the certificate file that has been signed by your Certificate Authority (CA) Root File in DER or PEM (X.509) format.
    • CA Certificate Path: The path to the certificate file that is your Certificate Authority (CA) Root File in DER or PEM (X.509) format.
    • Private Key Path: The path to the .key private key file that belongs to your Server Certificate Path in DER or PEM (PKCS#8) format.

Set the environment variables

  • rsyslog or syslog-ng address:
    • The Observability Pipelines Worker listens on this bind address to receive logs from the Syslog forwarder. For example, 0.0.0.0:9997.
    • Stored in the environment variable DD_OP_SOURCE_SYSLOG_ADDRESS.

Send logs to the Observability Pipelines Worker over syslog

rsyslog

To send rsyslog logs to the Observability Pipelines Worker, update your rsyslog configuration file:

ruleset(name="infiles") {
action(type="omfwd" protocol="tcp" target="<OPW_HOST>" port="<OPW_PORT>")
}

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker.

  • For CloudFormation installs, the LoadBalancerDNS CloudFormation output contains the correct URL to use.
  • For Kubernetes installs, you can use the internal DNS record of the Observability Pipelines Worker service (for example, opw-observability-pipelines-worker.default.svc.cluster.local).

syslog-ng

To send syslog-ng logs to the Observability Pipelines Worker, update your syslog-ng configuration file:

destination obs_pipelines {
  http(
      url("<OPW_HOST>")
      method("POST")
      body("<${PRI}>1 ${ISODATE} ${HOST:--} ${PROGRAM:--} ${PID:--} ${MSGID:--} ${SDATA:--} $MSG\n")
  );
};

<OPW_HOST> is the IP/URL of the host (or load balancer) associated with the Observability Pipelines Worker.

  • For CloudFormation installs, the LoadBalancerDNS CloudFormation output contains the correct URL to use.
  • For Kubernetes installs, you can use the internal DNS record of the Observability Pipelines Worker service (for example, opw-observability-pipelines-worker.default.svc.cluster.local).
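
To confirm that the Worker's bind address accepts the formats listed under Prerequisites before you repoint a forwarder, the following added example (not part of the original page or of Datadog's tooling) builds an RFC 5424 message, applies either RFC 6587 framing, and sends it over TCP or, when a CA file is given, over TLS with server verification. The script name, host names, and test message are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def rfc5424(msg, facility=16, severity=6, host="-", app="-", ts=None):
    """Build one RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    if "\n" in msg or "\r" in msg:
        # Under newline framing a raw line break would be read as a second event.
        raise ValueError("message contains a line break")
    ts = ts or datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    pri = facility * 8 + severity  # PRI = facility * 8 + severity
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}"


def frame(line, octet_counting=True):
    """Apply RFC 6587 framing for a stream transport (TCP or TLS)."""
    data = line.encode("utf-8")
    if octet_counting:
        # The length prefix counts bytes, not characters.
        return str(len(data)).encode("ascii") + b" " + data
    return data + b"\n"  # non-transparent framing: LF-terminated


def send(host, port, payload, cafile=None, timeout=5.0):
    """Send one framed message; with cafile set, use TLS and verify the server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if cafile is None:
            sock.sendall(payload)
            return
        ctx = ssl.create_default_context(cafile=cafile)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(payload)


if __name__ == "__main__":
    # Usage (hypothetical script name): python send_test.py HOST PORT [CA_FILE]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    line = rfc5424("opw syslog source test", host="testhost", app="opw-check")
    send(host, port, frame(line, octet_counting=False), cafile=cafile)
    print("sent:", line)
```

If the TLS handshake fails with a verification error, check that the CA file passed here is the one that signed the certificate configured as Server Certificate Path.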

Forward third-party logs to the Observability Pipelines Worker

Syslog is a widely used logging protocol for sending network logs to a central server. Many network devices support syslog output, so you can forward third-party logs to the Observability Pipelines’ syslog source for processing and routing. Examples of these third-party services include:

Fortinet

Palo Alto Networks