Logentries supports both TCP and UDP syslog forwarding. See below for details on configuring the different versions of syslog with Logentries.
Syslog uses a TCP/UDP connection for log forwarding. In order to securely identify your log entries, Logentries provides two identification methods:
api.logentries.com on a common port number
20000 for SSL/TLS encryption). The token identifies all your log entries. It requires support for templates in your syslog implementation.
Determine which variant of syslog you run with the following command:
ps aux|grep syslog
The most common pitfall during syslog configuration is failing to restart the daemon after changing the configuration.
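The two checks above (which syslog variant is running, and whether the daemon was restarted after the last configuration change) can be scripted. The following is an added example, not code from Logentries; the function names and the sample process listing are constructed for illustration, and the live check assumes GNU stat/date and procps ps on Linux.

```bash
#!/usr/bin/env bash
# Added example, not Logentries code. Sample data below is constructed.

# Read `ps aux` output on stdin; print rsyslog, syslog-ng, syslogd or none.
detect_syslog_variant() {
    awk '
        /grep/                             { next }   # skip the grep process itself
        /rsyslogd/                         { v = "rsyslog" }
        /syslog-ng/                        { v = "syslog-ng" }
        !v && $0 ~ "(^|[ /])syslogd( |$)"  { v = "syslogd" }   # classic syslogd only
        END { print (v ? v : "none") }
    '
}

# Exit 0 when the config was modified after the daemon started.
restart_needed() {   # args: config mtime, daemon start (both epoch seconds)
    [ "$1" -gt "$2" ]
}

# Live check; assumes GNU stat/date and procps ps (Linux).
check_restart() {    # args: config path, daemon PID
    local mtime start
    mtime=$(stat -c %Y "$1") || return 2
    start=$(date -d "$(ps -o lstart= -p "$2")" +%s) || return 2
    if restart_needed "$mtime" "$start"; then
        echo "$1 changed after PID $2 started: restart the daemon"
    else
        echo "PID $2 started after the last change to $1"
    fi
}

# Constructed `ps aux | grep syslog` output for an offline run.
SAMPLE_PS='root   612  0.0  0.1 224344 5120 ?     Ssl 09:14 0:00 /usr/sbin/rsyslogd -n
admin 2291  0.0  0.0   6432  720 pts/0 S+  10:02 0:00 grep syslog'

printf 'variant: %s\n' "$(printf '%s\n' "$SAMPLE_PS" | detect_syslog_variant)"
# On a live host: check_restart /etc/rsyslog.conf "$(pgrep -o rsyslogd)"
```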
If you have restarted the syslog daemon and no error was reported, check that the logs are actually being sent to Logentries. You can do that with the tcpdump command. Run as root (sudo):
tcpdump -s 1514 -X dst api.logentries.com
This command will print in an (almost) human-readable format all packets sent to api.logentries.com. If there are no packets displayed, then something is wrong with the syslog configuration. If you don't have tcpdump installed, please install the package of the same name.
Contact us over the in-app support channel or by email at email@example.com.