Skip to content

RabbitMQ Logs Integration

To make use of the Sematext RabbitMQ Logs integration, you'll need to send parsed RabbitMQ logs to your Sematext Logs App. The easiest way is via Logagent, which can parse RabbitMQ logs out of the box.

Once data is in, you can explore it via the built-in reports:

RabbitMQ Logs Overview

Be sure to check out the RabbitMQ Monitoring integration as well, to get a complete view on RabbitMQ. For example, if you see an increase in authentication errors, monitoring can tell what's the impact on RabbitMQ's memory usage, garbage collection and CPU.

Setting up Logagent

With Node.js installed, you'd first need to install Logagent:

sudo npm i -g @sematext/logagent

Then, write a config file that tails your RabbitMQ logs and sends them to your RabbitMQ Logs App. Parsing happens out of the box, since we match the rabbit source:

# Global options
  # print stats every 60 seconds 
  printStats: 60
  # don't write parsed logs to stdout
  suppress: true

    - /var/log/rabbitmq/**/*.log

    module: elasticsearch
    # use for the EU region
      # send RabbitMQ logs to this Logs App
        - .*rabbit.*\.log

Finally, use logagent-setup to copy the config to /etc/sematext/logagent.conf, then set up the init script and start Logagent:

sudo logagent-setup -c /path/to/logagent.conf

If you already have Logagent installed, you can simply append to the files input the RabbitMQ log file, then the two lines (token+pattern) in the elasticsearch output. In the end, restart Logagent.

Exploring logs

Once data is in, you can explore it using the built-in reports or create your own. For example, you can use the Authentication report to check on granted and denied connections:

RabbitMQ Authentication Report

Other built-in reports include:

  • Connections: Logs specifically about accepted and closed connections. You can see here when you have spikes in connection creation. You can also identify noisy sources, users, as well as popular destinations.
  • Start & Stop: Logs about RabbitMQ startup and shutdown. Besides unexpected restarts, you can find info about which write-ahead logs (WALs) were recovered.


If you have trouble sending logs, try out the latest version of Logagent via sudo npm i -g @sematext/logagent. Also, make sure Logagent is pointed to the right path and Logs App token.

If logs don't get parsed properly, or you need additional parsing, feel free to open an issue or to contribute to Logagent built-in patterns. These patterns are open-source, as well as Logagent itself.