Documentation for Loggly

Syslog Configuration Scripts

Loggly provides the infrastructure to aggregate and normalize log events so they are available to explore interactively, build visualizations, or create threshold-based alerting. In general, any method to send logs from a system or application to an external source can be adapted to send logs to Loggly. The following instructions provide one scenario for sending logs to Loggly.

Loggly offers a variety of syslog configuration scripts that will automatically configure Linux systems to send logs to Loggly. These scripts support Rsyslog, which is the most popular syslog daemon included with major distributions of Linux including Ubuntu, Red Hat, Amazon EC2, and more.

The following scripts run in just a few seconds. They perform several system compatibility checks, configure rsyslog using best practices, and verify that the logs reach our system. They assume that you have sudo access, that you’re on a common Linux distribution with rsyslog 5.8 or higher, that rsyslog receives local system logs, and that port 514 (insecure logging port) or 6514 (secure logging port) is open to outbound connections. The scripts are open source and available on GitHub.

1. Configure-linux script

This script sends the system logs to Loggly. By default the script sends the logs securely, but if the rsyslog-gnutls package could not be installed through your distribution's package manager, it asks to switch to insecure mode in order to send logs successfully. Run the automatic configure-linux bash script below to set up rsyslog. Alternatively, you can manually configure rsyslog.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a <subdomain> -t <token> -u <username>

Replace:

  • <subdomain>: your account subdomain that you created when you signed up for Loggly
  • <token> (optional): your customer token from the source setup page
  • <username>: your Loggly username

Script Usage

configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s suppress prompts (optional)] [--insecure {Insecure mode} (optional)] [--force-secure {Force Secure Mode} (optional)]
configure-linux [-r to remove]
configure-linux [-h for help]

Configure

  • Configures rsyslog to send logs to Loggly

Remove

  • Uninstalls Loggly from your system

Suppress prompts

  • Suppressing the interactive prompts allows you to run it automatically using default settings

Insecure Mode

  • Insecure mode allows you to send your logs insecurely on port 514

Force Secure Mode

  • Force secure mode always configures secure sending. It prevents switching to insecure mode even if the rsyslog-gnutls package could not be downloaded, and it still sets the TLS configuration. Once you install the rsyslog-gnutls package manually, secure sending starts.

Script Actions for Configure-linux Script

The script will perform over 10 system checks below to make sure your system is compatible with Loggly and that it can successfully send logs to Loggly. To configure the system, it executes the same instructions in rsyslog manual configuration by writing a configuration file named /etc/rsyslog.d/22-loggly.conf which will send the system logs to Loggly. It then restarts the rsyslog service so the changes take effect. The verification step sends a test log message with a UUID, and then retrieves it back through Loggly’s search API. If it is able to retrieve the log, then the configuration is successful. It also logs the status of your setup experience to Loggly so our support team can help if you have trouble.

System Checks

  1. checkAuthTokenAndWriteContents – Check if the authentication token is valid and then write the contents to the 22-loggly.conf file in the /etc/rsyslog.d directory
  2. checkIfLogglyServersAccessible – Check if the Loggly servers are accessible. If not, ask the user to check network connectivity and exit
  3. checkIfLogsMadeToLoggly – Check if the logs are now going to Loggly from the Linux system
  4. checkIfMinVersionOfRsyslog – Check for the minimum version of rsyslog, i.e. 5.8.0. If no, then exit
  5. checkIfMultipleRsyslogConfigured – Check if multiple rsyslog instances are present in the system. If yes, then exit
  6. checkIfRsyslogConfiguredAsService – Check if rsyslog is configured as a service. If no, then exit
  7. checkIfSelinuxServiceEnforced – Check if the SELinux service is enforced. If yes, ask the user to manually disable it and exit the script
  8. checkIfSupportedOS – Check if the OS is supported by the script. If no, then exit
  9. checkIfUserHasRootPrivileges – Check if the user has root permission to run this script
  10. checkIfValidAuthToken – Check if the authentication token is valid. If no, then exit
  11. checkIfValidUserNamePassword – Check if the user credentials are valid. If no, then exit
  12. checkIfPackageManagerIsPresent – Check if a package manager (apt-get or yum) is available. If no, then the script will ask to switch to insecure mode. If the user declines the switch, then exit.
  13. checkIfRequiredDependenciesAreNotInstalled – Check if the curl and ping executables are not available on the machine. If yes, then exit because these are required dependencies to run the script smoothly.
  14. checkIfTLS – Check if the user is sending the logs insecurely. If yes, then script will give a prompt to switch to secure mode.
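
To confirm which mode a host ended up in after the script runs, the following added example (not part of the Loggly scripts) classifies an rsyslog config file such as /etc/rsyslog.d/22-loggly.conf as forwarding over TLS or in cleartext. The function names, the sample configs and logs.example.com are assumptions for illustration; the directives it looks for are standard rsyslog forwarding settings, not copied from the file the script generates.

```shell
# Added example: heuristic, line-based check (not a full rsyslog parser).
# Prints one of: tls | plaintext | none
classify_forwarding() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        { low = tolower($0) }
        # Legacy global directives that enable the gtls driver in TLS-only mode
        low ~ /^[$](defaultnetstreamdriver|actionsendstreamdriver)[ \t]+gtls/ { drv = 1; next }
        low ~ /^[$]actionsendstreamdrivermode[ \t]+1/ { mode = 1; next }
        # Legacy rule: "selector @host" is UDP, "selector @@host" is TCP
        /^[^$ \t][^ \t]*[ \t]+@/ {
            n++
            if (!($0 ~ /[ \t]@@/ && drv && mode)) plain++
            next
        }
        # RainerScript: collect an action(...) statement that may span lines
        low ~ /action[ \t]*\(/ { inact = 1; buf = "" }
        inact {
            buf = buf " " low
            if (low ~ /\)[ \t]*$/) {
                inact = 0
                if (buf ~ /type="omfwd"/) {
                    n++
                    if (!(buf ~ /streamdriver="gtls"/ && buf ~ /streamdrivermode="1"/)) plain++
                }
            }
        }
        # Any single cleartext forwarder makes the whole file "plaintext"
        END { print (n == 0 ? "none" : (plain ? "plaintext" : "tls")) }
    ' "$1"
}

# Constructed sample configs (logs.example.com is a placeholder host).
sample_secure() {
    cat <<'EOF'
action(type="omfwd" protocol="tcp" target="logs.example.com" port="6514"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.example.com")
EOF
}
sample_insecure() {
    cat <<'EOF'
# forward everything over plain TCP
*.* @@logs.example.com:514
EOF
}

# Usage: sh check-forwarding.sh /etc/rsyslog.d/22-loggly.conf
[ "$#" -eq 0 ] || classify_forwarding "$1"
```

A result of "plaintext" on a host that was meant to use secure mode means the script fell back to port 514 and the forwarding rule should be reviewed.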

Source Code

The configuration script is open source and you can review or modify its behavior as needed for your system. It’s available on GitHub.

NOTE: The scripts below invoke the configure-linux script to configure the Linux system first. After configuring the Linux system, they continue with further setup.

2. Configure-file-monitoring script

Run our automatic configure-file-monitoring script below to continuously read the files and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below. The script supports fixed filenames as well as wildcards and directories. If you configure it to monitor a directory it will check every five minutes for new files.

curl -O https://www.loggly.com/install/configure-file-monitoring.sh
sudo bash configure-file-monitoring.sh -a <subdomain> -u <username> -f <filename> -l <alias>

Replace:

  • <subdomain>: your account subdomain that you created when you signed up for Loggly
  • <username>: your Loggly username
  • <filename>: the file or directory you want to monitor, can contain wildcards but cannot contain spaces
  • <alias>: an easy to recognize name for the syslog.appName field. Must be unique for each file.

Script Usage

usage: configure-file-monitoring [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-f filename] [-tag filetag1,filetag2 (optional)] [-l filealias] [-s suppress prompts {optional)]
usage: configure-file-monitoring [-a loggly auth account or subdomain] [-r to rollback] [-l filealias]
usage: configure-file-monitoring [-h for help] 

NOTE: The default value of tag will be set as "file". You can set your own tag by passing it in the script command using the parameter -tag. Please see the script usage section.

Script Actions for Configure-file-monitoring Script

  1. checkIfFileLocationContainSpaces – Check if the file location contains spaces. If yes, then exit.
  2. checkIfFileExist – Check if the file exists. If no, then exit.
  3. checkIfFileAliasExist – Check if the file alias exists. If yes, then the script will give a prompt to overwrite the configuration for that file alias.
  4. checkFileReadPermission – Check the file read permission. If file access is not permitted, then the script gives a warning message that it can fail at the verification step.

3. Configure-nginx script

Run the automatic configure-nginx bash script below to set up rsyslog. It supports logs in the standard nginx directory for your distribution, but for virtual host support you must edit the generated file to add additional virtual hosts.

curl -O https://www.loggly.com/install/configure-nginx.sh
sudo bash configure-nginx.sh -a <subdomain> -u <username>

Replace:

  • <subdomain>: your account subdomain that you created when you signed up for Loggly
  • <username>: your Loggly username

Script Usage

usage: configure-nginx [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-tag filetag1,filetag2 (optional)] [-s suppress prompts {optional)]
usage: configure-nginx [-a loggly auth account or subdomain] [-r to rollback]
usage: configure-nginx [-h for help] 

NOTE: The default value of tag will be set as "nginx". You can set your own tag by passing it in the script command using the parameter -tag. Please see the script usage section.

Script Actions for configure-nginx Script

checkNginxDetails – Check if init script is present at /etc/init.d directory. If not, then exit.

4. Configure-apache script

Run the automatic configure-apache bash script below to set up rsyslog. It supports logs in the standard nginx directory for your distribution, but for virtual host support you must edit the generated file to add additional virtual hosts.

curl -O https://www.loggly.com/install/configure-apache.sh
sudo bash configure-apache.sh -a <subdomain> -u <username>

Replace:

  • <subdomain>: your account subdomain that you created when you signed up for Loggly
  • <username>: your Loggly username

Script Usage

usage: configure-apache [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-tag filetag1,filetag2 (optional)] [-s suppress prompts {optional)]
usage: configure-apache [-a loggly auth account or subdomain] [-r to rollback]
usage: configure-apache [-h for help] 

NOTE: The default value of tag will be set as "apache". You can set your own tag by passing it in the script command using the parameter -tag. Please see the script usage section.

Script Actions for configure-apache Script

  1. checkApacheDetails – Check if init script is present at /etc/init.d directory. If not, then exit.
  2. checkIfSupportedApacheVersion – Check for the Apache version 2. If not, then exit.

Source Code

The configuration scripts are open source and you can review or modify their behavior as needed for your system. They’re available on GitHub.

Troubleshooting Your Syslog Script Configuration

  • Rsyslog-Gnutls Package

    Sample Error Messages:

    Package rsyslog-gnutls is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source 

    If you see this error then you must first update your package manager’s repository by running the below command:

    sudo apt-get update 
  • Try manually configuring rsyslog if the script doesn’t work
  • See our Rsyslog Troubleshooting Guide
  • Search or post your own Configure syslog script questions in the community forum.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.