How to set up rsyslog to send data to LOGalyze

What is rsyslog?

Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network. It implements the basic syslog protocol, extends it with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features such as using TCP for transport.

Source: http://en.wikipedia.org/wiki/Rsyslog

1. Create a TCP/UDP syslog collector in LOGalyze

Go to Admin/Collectors. Add a new Collector with the following settings:

  • DTP: socket
  • DF: syslog

Set the required socket and syslog parameters, save the collector configuration, and restart the LOGalyze Engine.

2. Send log data with rsyslog

2.1 Send log data from file with rsyslog

Edit your rsyslog.conf file (usually in /etc/):

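# Load the file input module (needed only once per configuration)
$ModLoad imfile
$InputFileName /var/log/your.log
$InputFileTag prefixtag:
$InputFileStateFile stat-prefixtag
$InputFileSeverity info
# Activate the monitor defined above; without this line the file is never read
$InputRunFileMonitor
# Check the file for new lines every 10 seconds
$InputFilePollInterval 10

# Forward over TCP (@@) to the LOGalyze collector
*.* @@logalyzehost:1670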

Be sure to replace logalyzehost and port 1670 with the address and port shown on your Admin > Collectors page. This configuration will make rsyslog send all of your logs from your.log to LOGalyze. If you do not like this behavior, add this first line:

& ~

If you want to send data over UDP instead of TCP (although we do recommend TCP), the last line of your rsyslog.conf edit should be:

*.* @logalyzehost:[PORT #]

The InputFileTag line tells rsyslog what to add as the tag in the log records.

The InputFileStateFile is the file that will keep track of how much of that file you have already sent in. Make this unique for each file that you are using.
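The same file-to-LOGalyze setup in rsyslog's newer RainerScript syntax, as an added example that is not part of the original page. It goes beyond the legacy directives above by binding the file input to its own ruleset, so only lines from your.log are forwarded, and by buffering to disk while the collector is unreachable. It assumes rsyslog v8; the work directory path and the names to_logalyze and logalyze_fwd are illustrative choices.

```conf
# Added example; assumes rsyslog v8. The work directory is an assumed path:
# use the one your distribution ships. It holds imfile state and queue files.
global(workDirectory="/var/spool/rsyslog")

# Load the file input module once. PollingInterval applies when imfile
# runs in polling mode.
module(load="imfile" PollingInterval="10")

# Read the file and hand its lines to a dedicated ruleset instead of the
# default one, so they are not mixed with local syslog traffic.
# In v8 the state file is managed automatically in the work directory.
input(type="imfile"
      File="/var/log/your.log"
      Tag="prefixtag:"
      Severity="info"
      ruleset="to_logalyze")    # ruleset name is an illustrative choice

# Only messages from the input above reach this ruleset.
ruleset(name="to_logalyze") {
    action(type="omfwd"
           target="logalyzehost"         # address from Admin > Collectors
           port="1670"                   # port from Admin > Collectors
           protocol="tcp"                # same transport as "@@" above
           # Disk-assisted queue: keep messages while the collector is down
           queue.type="LinkedList"
           queue.filename="logalyze_fwd" # illustrative queue file prefix
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1") # retry forever instead of dropping
}
```

Check the syntax with rsyslogd -N1 before restarting the service.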


2.2 Sending syslog with rsyslog

To send simple syslog messages to LOGalyze with rsyslog, use one of the following lines. As in section 2.1, a single @ forwards over UDP and @@ forwards over TCP:

*.* @logalyzehost:[PORT #]

*.* @@logalyzehost:[PORT #]

Note that # is for comments. You can use the old filters from syslog.conf instead of *.*. For example: *.info, local0.*, etc.

