Logentries Docs

Syslog-ng

Syslog-ng is an open source implementation of syslog. You can use syslog-ng to monitor log files on your servers and forward them to Logentries.

We support two methods of forwarding rsyslog events to Logentries, which are explained below. We recommend using our Token-based input method which brings additional security and is independent of the actual source IP address.


Token-based Logging

Create a new Host in the UI. Inside this host, create a new Log and select Token TCP and Register the log, you will receive a unique Token UUID which will be printed under the form and then beside the log name in the list of logs.

Enter this token in the template section below and copy the full configuration to your syslog-ng config file at /etc/syslog-ng/etc/syslog-ng.conf

template logentriesTemplate {
	 template("TOKEN_HERE $ISODATE $HOST $MSG\n"); template_escape(no); 
};

source s_all {
       internal();
       unix-stream("/var/log/error.log");
};

destination d_network_logentries {
       tcp("api.logentries.com" port(10000) template(logentriesTemplate));
};

log {
	source(s_all); destination(d_network_logentries);
};

Plain TCP/UDP Forwarding (Legacy)

If you would rather use a more basic syslog approach, we support that as well.

Create a host in the Logentries UI. Inside that, create a log and select Plain TCP/UDP and Register the log, you will receive a PORT number to use which will be printed under the form and beside the log name in the list of logs.

Enter this PORT number in the destination section of the configuration below and copy the full configuration to your syslog-ng configuration file at /etc/syslog-ng/etc/syslog-ng.conf

source s_all {
  internal();
  unix-stream("/var/log/error.log");
};
destination d_logentries {
  tcp("api.logentries.com" port(PORT));
};
log {
  source(s_all); destination(d_logentries);
};

Restart

Then restart your syslog-ng server by entering the command below:

sudo service syslog-ng restart

Troubleshooting

Please refer to the syslog section for troubleshooting general syslog services.

Back to Top