Syslog Configurations
It usually takes only a few minutes to configure your default logging system, and the changes can be made so that logging to local files is left intact. To help manage retention and storage needs, you may wish to turn off local logging once you are certain we are receiving all your events.
You can check which logging service you are running (on most Linux-based systems) by checking your process list from the command line:
ps -ax |grep yslog
Loggly strongly recommends installing syslog-ng to monitor logs on your server, especially if you need to monitor files which normally don't make their way into syslog. If you don't have a preference for a logging solution, you should follow the instructions on the Syslog-ng Installation page to start logging to us.
Configuring Syslog Based Servers
Installed logging solutions vary widely. Often, you may find your syslog server is running an older, less feature-rich version than you need to get the most out of Loggly. The following table documents the features each of these syslog-based servers supports. You can use the links to jump to the configuration page for that particular server.
| Syslog Server | Version | Platform | UDP Forwarding | TCP Forwarding | Custom Ports | File Monitoring |
|---|---|---|---|---|---|---|
| syslogd | All | BSD Systems | Yes | Yes | Yes | No |
| syslogd | All | OSX | Yes | No | Yes | No |
| syslogd | All | Linux | Yes | No | No | No |
| syslog-ng | 2.x | All | Yes | Yes | Yes | No |
| syslog-ng | 3.x | All | Yes | Yes | Yes | Yes |
| rsyslog | 5.6.0 | All | Yes | Yes | Yes | Yes |
| snare | - | Windows | Yes | Yes | Yes | Yes |
If you find this information incomplete or out of date, please feel free to help out by fixing it right now! :)
Setting Up Plain Ol' Syslog (syslogd) on Linux
Your plain old syslog on Linux may only support sending events via UDP on port 514. There are some exceptions to this rule, such as the syslog server that ships with BSD-based systems or Apple's OSX. If you are running OSX's syslog, you may use custom ports. Note: neither flavor of plain old syslog monitors regular text files!
If you think your syslog supports sending logs over UDP on a custom port number, read on. If your syslog only supports sending on UDP port 514, please see the Syslog 514 Input page.
Forward via UDP on Syslog
To send us data over UDP with syslog, you'll need to create a UDP input in your account. Navigate to the input tab, and then click the add input button at the bottom. Name your input and give it a description:
Edit your syslogd.conf file, usually found in /etc/syslogd.conf, and add the following line at the bottom of the file:
*.* @logs.loggly.com:[PORT]
Be sure you use the correct port from the input you created! After you've saved the configuration file, you'll need to restart syslog. A simple cross-platform way to do this is by getting a process list, then sending a HUP signal to the process ID:
sh-3.2# ps -ax |grep syslog
15 ?? 0:00.49 /usr/sbin/syslogd
sh-3.2# kill -HUP 15
Forward via TCP on Syslog
Remember, plain ol' syslog servers don't support TCP! You need to use either rsyslog or syslog-ng. To send us data via TCP, you'll need to create a TCP input in your account. Navigate to the input tab, and then click the add input button at the bottom. Name your input and give it a description:
Edit your syslogd.conf file, usually found in /etc/syslogd.conf, and add the following line at the bottom of the file:
*.* @@logs.loggly.com:[PORT]
Note: The TCP protocol is defined with the two @@ signs.
Be sure you use the correct port from the input you created! After you've saved the configuration file, you'll need to restart syslog. A simple cross-platform way to do this is by getting a process list, then sending a HUP signal to the process ID:
sh-3.2# ps -ax |grep syslog
15 ?? 0:00.49 /usr/sbin/syslogd
sh-3.2# kill -HUP 15
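A check you can run on the configuration file before restarting syslog, as an added example that is not part of the original documentation or Loggly's own tooling: it lists every forwarding rule with its protocol (@ for UDP, @@ for TCP) and flags a [PORT] placeholder that was never replaced. The function names check_forwarding and sample_conf are hypothetical, and the sample config and its port numbers are constructed.

```shell
#!/bin/sh
# Added example (not Loggly's code): report forwarding rules in a
# syslogd-style config. "@host:port" is UDP and "@@host:port" is TCP,
# as on this page. Assumes the action is the last field on the line and
# the destination is a hostname or IPv4 address.
check_forwarding() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }      # skip comments and blank lines
    $NF ~ /^@/ {
        action = $NF
        proto = "udp"
        if (action ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", action) }
        else                { sub(/^@/, "", action) }
        host = action; port = "514"; status = "ok"   # 514 when no port given
        i = index(action, ":")
        if (i > 0) { host = substr(action, 1, i - 1); port = substr(action, i + 1) }
        if (port == "[PORT]")          status = "placeholder-not-replaced"
        else if (port !~ /^[0-9]+$/)   status = "bad-port"
        else if (port + 0 < 1 || port + 0 > 65535) status = "bad-port"
        if (host == "") status = "missing-host"
        printf "%s %s %s %s %s\n", $1, proto, host, port, status
    }' ${1:+"$1"}
}

# Constructed sample config; ports 12345 and 12346 are made up.
sample_conf() {
    cat <<'EOF'
# local logging left intact
*.info      /var/log/messages
*.*         @logs.loggly.com:[PORT]
*.*         @logs.loggly.com:12345
auth.*      @@logs.loggly.com:12346
*.*         @logs.loggly.com
*.*         @@logs.loggly.com:99999
EOF
}

# Prints: selector protocol host port status, one rule per line.
sample_conf | check_forwarding
```

Run it against your own file with check_forwarding /etc/syslogd.conf; any status other than ok means the rule should be fixed before you send the HUP signal.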
Checking Your Configuration
You should now be able to test sending events to us by using the command line tool logger:
logger -t test "i'd rather be playing minecraft than writing docs!"
Jump into the shell, and do a search for part of the event you just sent us:
search minecraft
You should see a result of your search after 15-20 seconds:
For more information, see the rsyslog and syslog-ng wiki pages.


