Documentation forSolarWinds Observability SaaS

Send logs from hosts

You can collect logs with our OTel-based SolarWinds Observability Agent, which associates collected logs with the host entity already monitored with the Agent. For hosts that are monitored with methods other than the Agent, send system logs with syslog and associate the logs with the host entity.

Use SolarWinds Observability Agents to send logs

You can use the SolarWinds Observability Agent to collect and send logs from a host machine to SolarWinds Observability SaaS. To send logs from a host machine, the host machine must already be monitored by SolarWinds Observability SaaS. See Add a self-managed host.

Repeat these steps for each folder you want to monitor on your Windows or Linux host.

Send logs from a Windows host

  1. In SolarWinds Observability SaaS, click Add Data at the top.

  2. In the Add Data dialog Intro, click Collect and analyze my logs.

  3. Click Agent-based.

  4. Select the SolarWinds Observability Agent that is installed on your host machine. Click Next.

  5. Optionally, type a name for the logs monitoring plugin in the Display Name field. This name is used to identify the deployed logs collector. Enter a name that describes what logs are being monitored to help distinguish between log collector plugins in the Agents view.

    If a custom name is not entered in the Display Name field, a default name filelog-XXXXXXXX is used.

  6. In the Logs Location field, type a path to the logs on your host machine. For example, if you want to monitor the logs that are stored in an AppLogs folder of the C-drive, type C:\AppLogs\*.log.

    Only logs that are stored with .log file type are supported.

  7. Select a poll interval, or an amount of time between polling the filesystem for logs.

  8. Select a starting location for the logs from the Start at drop-down menu. The starting location indicates where in the log file the Agent should begin reading.

  9. Review the configured settings. When the logs monitoring plugin is successfully deployed, click Analyze Logs to view the host entity's logs, or click Close.

Send logs from a Linux host

  1. In SolarWinds Observability SaaS, click Add Data at the top.

  2. In the Add Data dialog Intro, click Collect and analyze my logs.

  3. Click Agent-based.

  4. Select the SolarWinds Observability Agent that is installed on your host machine. Click Next.

  5. To grant the Agent access to the log files, add the swagent user to the adm group. Run the following command in the terminal and click Next:

    usermod -a -G adm swagent
  6. Optionally, type a name for the logs monitoring plugin in the Display Name field. This name is used to identify the deployed logs collector. Enter a name that describes what logs are being monitored to help distinguish between log collector plugins in the Agents view.

    If a custom name is not entered in the Display Name field, a default name filelog-XXXXXXXX is used.

  7. In the Logs Location field, type a path to the logs on your host machine. For example, if you want to monitor the logs that are stored in an AppLogs folder, type /AppLogs/*.log.

    Only logs that are stored with .log file type are supported.

  8. Select a poll interval, or an amount of time between polling the filesystem for logs.

  9. Select a starting location for the logs from the Start at drop-down menu. The starting location indicates where in the log file the Agent should begin reading.

  10. Review the configured settings. When the logs monitoring plugin is successfully deployed, click Analyze Logs to view the host entity's logs, or click Close.

Add system logs to a host entity

Do the following to send host or application logs to SolarWinds Observability SaaS and associate the logs with an already-monitored host entity.

  1. Forward logs from your host: Forward host logs to SolarWinds Observability SaaS using syslog. See Send logs using syslog.

  2. Associate syslog logs with an entity: Make sure your host's logs are associated with the host entity by identifying the syslog attribute sent with your host's logs.

    1. Open the Logs Identification Method dialog for your host entity one of the following methods:

      • In the Entity Explorer List View, locate the host entity. Hover over the entity's row and click the vertical ellipsis at the end of the row. Click Set Logs Identification Method.
      • In the upper-right corner of the Entity Explorer details view for a host entity, click the vertical ellipsis and click Set Logs Identification Method.
    2. Click to toggle on Identify logs for this entity using syslog attributes.

    3. Verify the value in the syslog.host field matches the host's name that is sent with your logs.