The syslogd that ships with BSD-based systems allows for TCP forwarding. However, UDP is only supported on OSX and a number of Linux platforms. To configure syslog to forward your logs to Logentries, you will need to modify your syslog config file (usually at /etc/syslog.conf) and restart syslog.
The first thing you need to do is create a new Host in the UI. Inside that Host, create a new Log, select Plain TCP/UDP, and Register the log. You will receive a PORT number, which is used in the steps below.
To forward via TCP you usually add the following line to your configuration file, although we recommend checking the documentation for your syslog distribution:
For UDP syslog forwarding the following should be added:
Note the single @ for UDP.
In order to accept a new configuration, you will need to restart your syslog server:
/etc/init.d/syslog stop
/etc/init.d/syslog start
Another way to do this is to find the syslog process and send a HUP signal to it:
tparso-laptop# ps -ax |grep syslog
1334 ?? 0:00.40 /usr/sbin/syslogd
tparso-laptop# kill -HUP 1334
To test whether syslog has been set up correctly, you can log an event to syslog using the logger command:
logger -t test "Here's an example log entry"
Next check your logs configured in Logentries to see if any events have been recorded.
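If no events show up, the forwarding rule itself is worth checking first. The following is an added example, not part of the original Logentries documentation: it lists every remote-forwarding action in a syslog.conf-style file with its transport and port, so you can confirm the rule matches the PORT you were given. It assumes a double @@ prefix marks TCP (the rsyslog-style counterpart to the single @ for UDP noted above); the host logs.example.invalid, the ports and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit forwarding rules in a syslog.conf-style file.
# Assumption: "@@host:port" means TCP and "@host:port" means UDP.

# write_sample_conf FILE -> writes a constructed sample config (not a real one)
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample configuration
*.*      @@logs.example.invalid:10000
auth.*   @logs.example.invalid:10001
*.info   /var/log/messages
kern.*   @loghost
EOF
}

# list_forwards FILE -> prints "transport host port selector" per forwarding rule
list_forwards() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            action = $NF                   # the action is the last field
            if (action !~ /^@/) next       # local file or pipe, not a forward
            transport = "udp"
            if (action ~ /^@@/) transport = "tcp"
            sub(/^@+/, "", action)         # strip the @ / @@ prefix
            n = split(action, hp, ":")
            port = "514"                   # standard syslog port when none is given
            if (n > 1) port = hp[2]
            print transport, hp[1], port, $1
        }
    ' "$1"
}

# check_forward FILE TRANSPORT PORT -> exit 0 if a matching rule exists, else 1
check_forward() {
    list_forwards "$1" |
        awk -v t="$2" -v p="$3" '$1 == t && $3 == p { found = 1 } END { exit !found }'
}

# Demo on the constructed sample
conf=$(mktemp)
write_sample_conf "$conf"
list_forwards "$conf"
check_forward "$conf" tcp 10000 && echo "TCP forward on port 10000 is configured"
rm -f "$conf"
```

Against a real system, run list_forwards /etc/syslog.conf and compare the reported transport and port with the values shown for your log in the UI.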
Please refer to the syslog section for troubleshooting general syslog services.
Contact us over the in-app support channel or via email email@example.com.