Syslog-ng

Syslog-ng is an open source implementation of syslog. You can use syslog-ng to monitor log files on your servers and forward them to Logentries. We support two methods of forwarding syslog-ng events to Logentries, which are explained below. We recommend the Token-based input method, which brings additional security and is independent of the actual source IP address.

Token-based Logging

Create a new Host in the UI. Inside this host, create a new Log, select Token TCP and Register the log. You will receive a unique Token UUID, which is printed under the form and then beside the log name in the list of logs. Enter this token in the template section below in place of TOKEN_HERE and copy the full configuration to your syslog-ng config file at /etc/syslog-ng/etc/syslog-ng.conf:
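template logentriesTemplate {
    # Every message is prefixed with the log token
    template("TOKEN_HERE $ISODATE $HOST $MSG\n"); template_escape(no);
};

source s_all {
    internal();
    # file() reads a regular log file; unix-stream() expects a Unix socket
    file("/var/log/error.log");
};

destination d_network_logentries {
    # tcp() without tls() sends the token and messages unencrypted
    tcp("api.logentries.com" port(10000) template(logentriesTemplate));
};

log {
    source(s_all); destination(d_network_logentries);
};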

Plain TCP/UDP Forwarding (Legacy)

If you would rather use a more basic syslog approach, we support that as well. Create a host in the Logentries UI. Inside that, create a log, select Plain TCP/UDP and Register the log. You will receive a PORT number to use, which is printed under the form and beside the log name in the list of logs. Enter this PORT number in the destination section of the configuration below and copy the full configuration to your syslog-ng configuration file at /etc/syslog-ng/etc/syslog-ng.conf:
source s_all {
    internal();
    # file() reads a regular log file; unix-stream() expects a Unix socket
    file("/var/log/error.log");
};

destination d_logentries {
    tcp("api.logentries.com" port(PORT));
};

log {
    source(s_all); destination(d_logentries);
};

Restart

Then restart your syslog-ng server by entering the command below:
sudo service syslog-ng restart

@version Required in syslog-ng 3.0+ Configuration Files

Every syslog-ng configuration file must begin with a line containing the version information of syslog-ng. For syslog-ng version 3.6, this line looks like:

@version: 3.6

Versioning the configuration file was introduced in syslog-ng 3.0. If the configuration file does not contain the version information, syslog-ng assumes that the file is for syslog-ng version 2.x. In this case it interprets the configuration and sends warnings about the parts of the configuration that should be updated. Version 3.0 and later will correctly operate with configuration files of version 2.x, but the default values of certain parameters have changed since 3.0. Further information regarding this requirement may be found here.
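
A pre-flight check for the configurations above, run before the restart step. This is an added example, not part of the Logentries or syslog-ng documentation. The helper name check_le_conf and the world-readable check are assumptions made here, on the basis that the token identifies your log and the file should be treated as holding a secret.

```shell
#!/bin/sh
# Added example: pre-flight check for the configurations shown on this page.
# check_le_conf is a hypothetical helper, not part of syslog-ng or Logentries.
# Returns 0 if all checks pass, 1 if any fails, 2 if the file is unreadable.
check_le_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # The first non-blank, non-comment line must be the @version declaration.
    first=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$conf" | head -n 1)
    case $first in
        @version:*) ;;
        *) echo "FAIL: no @version line at the top of $conf" >&2; rc=1 ;;
    esac

    # The page's placeholders must have been replaced with real values.
    for ph in 'TOKEN_HERE' 'port(PORT)'; do
        if grep -q -F "$ph" "$conf"; then
            echo "FAIL: placeholder $ph still present" >&2; rc=1
        fi
    done

    # Token-based input: the message template must start with a UUID token.
    uuid='[0-9a-fA-F]\{8\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}'
    uuid="$uuid-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{12\}"
    if grep -q 'template("' "$conf" &&
       ! grep -q "template(\"$uuid " "$conf"; then
        echo "FAIL: template does not begin with a token UUID" >&2; rc=1
    fi

    # The token identifies the log, so treat the file as holding a secret:
    # flag it if it is readable by every local user.
    if grep -q 'template("' "$conf" &&
       [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $conf contains a token but is world-readable" >&2; rc=1
    fi
    return $rc
}
```

Run it against /etc/syslog-ng/etc/syslog-ng.conf before restarting; `syslog-ng --syntax-only` can then confirm that the configuration grammar itself parses.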

Troubleshooting

Please refer to the syslog section for troubleshooting general syslog services.