
We suggest you go through the setup script before you run it and make sure it doesn't do anything malicious. You should never run scripts copied from the internet in your terminal.
You can send your system logs directly to our servers over an encrypted TCP connection. Our Syslog server is listening for TCP connections on in.logtail.com:6514 and it allows only encrypted traffic. We also listen on in.logtail.com:6517 for unencrypted UDP connections.
To authenticate the incoming logs, we utilize Syslog's structured data mechanism. Every Syslog message you send to our server must include [[email protected] source_token="YOUR_LOGTAIL_SOURCE_TOKEN"].
We created a simple script that will configure syslog-ng for you:
# To configure syslog-ng to run over secured TCP
wget -qO- https://logtail.com/syslog-ng/YOUR_SOURCE_TOKEN | sh
# To configure syslog-ng to run over UDP
wget -qO- https://logtail.com/syslog-ng/udp/YOUR_SOURCE_TOKEN | sh
The script will detect whether syslog-ng is installed on your system and, if it is, create the correct configuration for your Logtail source. The script will download Let's Encrypt root certificates, but it won't install them globally.
After the script finishes successfully, you might need to restart the syslog-ng service so that the new configuration is loaded:
systemctl restart syslog-ng
1. Download CA certificates (Let's Encrypt) to enable TLS:
mkdir -p /etc/syslog-ng/ca.d
cd /etc/syslog-ng/ca.d
# TrustID X3 Root from IdenTrust
wget https://letsencrypt.org/certs/trustid-x3-root.pem
ln -s trustid-x3-root.pem $(openssl x509 -in trustid-x3-root.pem -hash -noout).0
# ISRG Root X1
wget https://letsencrypt.org/certs/isrgrootx1.pem
ln -s isrgrootx1.pem $(openssl x509 -in isrgrootx1.pem -hash -noout).0
The links to the certificates are taken from the Let's Encrypt website. You can read more about the setup in the syslog-ng documentation.
2a. To configure syslog-ng to log over TCP, create a config file with the following content:
destination d_logtail {
    syslog(
        "in.logtail.com"
        transport("tls")
        port(6514)
        tls(
            peer-verify(required-trusted)
            ca-dir("/etc/syslog-ng/ca.d")
            trusted-dn("CN=*.logtail.com")
            sni(yes)
        )
    );
};
rewrite add_logtail_credentials {
    set("YOUR_LOGTAIL_SOURCE_TOKEN" value("[email protected]_token"));
};
log {
    source(s_src);
    rewrite(add_logtail_credentials);
    destination(d_logtail);
};
2b. To configure syslog-ng to log over UDP, create a config file with the following content:
destination d_logtail {
    syslog(
        "in.logtail.com"
        transport("udp")
        port(6517)
    );
};
rewrite add_logtail_credentials {
    set("YOUR_LOGTAIL_SOURCE_TOKEN" value("[email protected]_token"));
};
log {
    source(s_src);
    rewrite(add_logtail_credentials);
    destination(d_logtail);
};
3. Restart the syslog-ng service:
systemctl restart syslog-ng
4. To test your configuration, you can send a sample log:
logger "Hello from Logtail!"
Make sure to replace <YOUR_LOGTAIL_SOURCE_TOKEN> with your own source token from Logtail.com.
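The check below is an added example, not part of Logtail's setup script or documentation: a shell function that audits a syslog-ng destination file for the settings steps 1 and 2a rely on (TLS transport, required-trusted peer verification, a ca-dir populated with <hash>.0 links) and for file permissions, since the file stores the source token. The function names and finding texts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Logtail's code): audit a syslog-ng destination file.
# Returns the number of findings, so 0 means the file passed every check.
# Usage: audit_logtail_conf /path/to/your/logtail.conf   (path is a placeholder)
audit_logtail_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 99; }

    # Drop comments so a commented-out setting is not counted as active.
    body=$(sed 's/#.*$//' "$conf")

    # The source token is inside every message, so only TLS keeps it private.
    printf '%s\n' "$body" | grep -Eq 'transport\("tls"\)' ||
        flag 'transport is not "tls": the source token is sent in cleartext'

    # required-trusted makes syslog-ng reject an untrusted server certificate.
    printf '%s\n' "$body" | grep -Eq 'peer-verify\(required-trusted\)' ||
        flag 'peer-verify(required-trusted) is missing'

    # ca-dir() must exist and hold <hash>.0 links (step 1), or no CA is found.
    ca_dir=$(printf '%s\n' "$body" | sed -n 's/.*ca-dir("\([^"]*\)").*/\1/p' | head -n 1)
    if [ -n "$ca_dir" ]; then
        if [ ! -d "$ca_dir" ]; then
            flag "ca-dir $ca_dir does not exist"
        elif ! ls "$ca_dir"/*.0 >/dev/null 2>&1; then
            flag "ca-dir $ca_dir has no <hash>.0 certificate links"
        fi
    fi

    # The file stores the source token: it should not be world-readable.
    [ -z "$(find "$conf" -perm -004 2>/dev/null)" ] ||
        flag "$conf is world-readable and contains the source token"

    return "$findings"
}

# Helper: print one finding and count it.
flag() {
    printf 'FINDING: %s\n' "$1"
    findings=$((findings + 1))
}
```

Run against the UDP configuration from step 2b, the function reports the cleartext transport and the missing peer verification.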