Send Systemd Logs to Loggly
You can configure systemd or journald to send logs to Loggly using your default syslog daemon, so there are no proprietary agents needed. This guide will configure your system to send the standard Systemd logs, and offer a foundation to monitor file and application logs.
This Systemd logging guide assumes you have sudo access, you’re on a Systemd supported linux distribution with rsyslog 5.8 or higher, it receives local systemd logs, and port 514 is open to outbound connections. If you have different requirements, please see the Advanced Options below.
1. Configure Syslog Daemon
Run our automatic Configure-Syslog script below to setup rsyslog. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.
curl -O https://www.loggly.com/install/configure-linux.sh sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME
- SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
- USERNAME: your Loggly username, which is visible at the top right of the Loggly console
You will need to enter your system root password so it can update your rsyslog configuration. It will then prompt for your Loggly password.
2. Configuring journald
Open the /etc/systemd/journald.conf file and uncomment the following to send logs to syslog.
3. Restart Journald
Copy and paste the following command in terminal to restart systemd-journal
systemctl restart systemd-journald
4. Verify Events
Search Loggly over the past sometime to logs with appName as journal. It may take a few minutes to index them. If you don’t see them, check the troubleshooting section below.
Click on one of the logs to show a list of journal fields.
Advanced Systemd Logging Options
- Centralizing Systemd Logs – Discusses pros/cons of different approaches to centralizing systemd logs
- Troubleshoot Problems Using Linux Logs – Find the root cause of login failures, memory problems, and more
Troubleshooting Linux Syslog
- Try manually configuring rsyslog if the script doesn’t work
- See our Rsyslog Troubleshooting Guide
- Search or post your own question in the community forum.
When the APM Integrated Experience is enabled, Loggly shares a common navigation and settings with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.