The syslogd that ships with BSD-based systems allows for TCP forwarding. However, UDP is only supported on OS X and a number of Linux platforms. To configure syslog to forward your logs to Logentries, you will need to modify your syslog config file (usually at /etc/syslog.conf) and restart syslog.

TCP Forwarding

The first thing you need to do is create a new Log using the Logentries Web UI. You can add a new log by clicking on the Add New Log button and then selecting Manual Configuration.

Once inside manual configuration, enter a name for your new log, select Plain TCP/UDP, and select the options to Register the log.

You can select Click here to add your new log to an existing host or you can select the Register new log button. Adding a new log to an existing host will display a drop-down menu of currently existing Hosts / Log Sets; select the Host in which you want this log created and then select Register new log.

If you want to create a manual host for this specific log, simply click on the Register new log button. In this case, a new log will be created inside of a host titled “Manual Host”. You can change the name of this Host if you like.

Upon successfully creating a new Log, you will receive a message confirming that the log was registered.

You will receive a PORT number, which is used in the steps below. To forward via TCP you usually add the following line to your configuration file, although we recommend checking the documentation for your syslog distribution:
For UDP syslog forwarding the following should be added:
Note the single @ for UDP.


For the new configuration to take effect, you will need to restart your syslog server:
/etc/init.d/syslog stop
/etc/init.d/syslog start
Another way to do this is to find the syslog process and send a HUP signal to it:
tparso-laptop# ps -ax |grep syslog
1334 ??   0:00.40 /usr/sbin/syslogd
tparso-laptop# kill -HUP 1334


To test if syslog has been set up correctly you can log an event to syslog using the logger command:
logger -t test "Here's an example log entry"
Next check your logs configured in Logentries to see if any events have been recorded.
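
If no events show up, a quick check is to list the forwarding rules syslogd actually reads and confirm the transport and PORT match what Logentries gave you. The script below is an added example, not part of the Logentries documentation; the host names and ports in it are constructed placeholders, and it assumes that "@@" marks a TCP destination (the rsyslog convention) while a single "@" marks UDP as noted above.

```shell
#!/bin/sh
# Added example: list the remote-forwarding rules in a syslog.conf-style file.
# Assumption: "@host:port" is UDP (as the page notes) and "@@host:port" is TCP
# (rsyslog convention; confirm against your syslogd's documentation).

# Constructed sample config; hosts and ports are placeholders, not real values.
sample_conf() {
cat <<'EOF'
# local rules
*.err;kern.debug   /var/log/messages
*.*                @@logs.example.invalid:10000
auth.info          @logs.example.invalid:10001
#*.*               @old.example.invalid:514
mail.*             @relay.example.invalid
EOF
}

# Reads a config on stdin and prints "selector transport host port" per rule.
# A rule without an explicit port is reported with the syslog default, 514.
list_forwards() {
  awk '
    /^[[:space:]]*#/ || NF < 2 { next }   # skip comments and blank lines
    $2 ~ /^@/ {
      action = $2
      transport = "udp"
      if (action ~ /^@@/) { transport = "tcp"; sub(/^@@/, "", action) }
      else                { sub(/^@/, "", action) }
      port = 514
      n = index(action, ":")
      if (n > 0) { port = substr(action, n + 1); action = substr(action, 1, n - 1) }
      print $1, transport, action, port
    }'
}

# Exit status 0 only if every forwarding rule targets the expected port.
# Usage: check_port PORT < /etc/syslog.conf
check_port() {
  list_forwards | awk -v want="$1" '$4 != want { bad = 1 } END { exit bad + 0 }'
}
```

Run it as list_forwards < /etc/syslog.conf; commented-out rules are ignored, so a rule that was added but left disabled shows up as missing.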


Please refer to the syslog section for troubleshooting general syslog services.