Syslogd
The syslogd that ships with BSD-based systems allows for TCP forwarding. However, UDP is only supported on OSX and a number of Linux platforms. To configure syslog to forward your logs to InsightOps, you will need to modify your syslog config file (usually at /etc/syslog.conf) and restart syslog.
Setup: Token TCP
Add a new log in the InsightOps UI by selecting the Manual Configuration option in the Add a Log page and selecting Plain TCP/UDP. After creating the log you will receive a unique PORT, which will be printed under the form and then beside the log name in the list of logs.
To forward via TCP you usually add the following line to your configuration file, although we recommend checking the documentation for your syslog distribution:
*.* @@data.logentries.com:PORT
For UDP syslog forwarding, the following line should be added instead:
*.* @data.logentries.com:PORT
Restart
In order to accept a new configuration, you will need to restart your syslog server:
/etc/init.d/syslog stop
/etc/init.d/syslog start
Another way to do this is to find the syslog process and send a HUP signal to it:
ps -ax | grep syslog
1334 ?? 0:00.40 /usr/sbin/syslogd
kill -HUP 1334
Testing
To test if syslog has been set up correctly, you can log an event to syslog using the `logger` command:
logger -t test "Here's an example log entry"
Next check your logs configured in InsightOps to see if any events have been recorded.
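A check you can run on the config file before restarting syslog, as an added example that is not part of the InsightOps documentation: it lists each forwarding rule with its transport (`@@` for TCP, `@` for UDP, as described above) and fails if a rule still carries the literal PORT placeholder or another invalid port. The function names, the sample config and port 10000 are constructed for illustration, and targets are assumed to be plain host:port pairs.

```shell
#!/bin/sh
# check_forward_rules FILE
# Prints "transport host port" for every forwarding rule in a syslog config.
# Returns 1 if any rule has a missing, non-numeric or out-of-range port.
check_forward_rules() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }            # skip comments and blank lines
        $2 ~ /^@/ {
            target = $2
            if (target ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", target) }
            else                { transport = "udp"; sub(/^@/,  "", target) }
            n = split(target, parts, ":")
            host = parts[1]
            port = (n >= 2) ? parts[2] : ""
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
                printf "line %d: invalid port \"%s\": %s\n", NR, port, $0 > "/dev/stderr"
                bad = 1
                next
            }
            print transport, host, port
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Writes a constructed sample config (not a real configuration) to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample: one valid TCP rule, one UDP rule with the placeholder left in
*.* @@data.logentries.com:10000
*.* @data.logentries.com:PORT
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
check_forward_rules "$sample" || echo "fix the rules reported above before restarting syslog"
rm -f "$sample"
```

Point it at your own file with `check_forward_rules /etc/syslog.conf`; a non-zero exit status means at least one forwarding rule needs correcting.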