share

Sematext Syslogd Integration

With plain syslogd, you can send logs to Sematext Logs Management App via UDP if you add this line to your /etc/syslog.conf:

*.* @logsene-syslog-receiver.sematext.com

Before you restart syslogd, register your public IP. If you're behind a NAT or registering IPs doesn't suit your use-case, there are other options:

  • if you just want to test sending a few logs to Logs Management App, you can use your application token in a CEE-formatted JSON message. For example:
logger '@cee: {"logsene-app-token": "LOGSENE_APP_TOKEN_GOES_HERE", "message": "hello world!"}'
  • change your syslog daemon from syslogd to rsyslog or syslog-ng or anything else that lets you format your messages, so you can build a JSON containing your Logs Management application token like the one above
  • similar to the solution above, you can use a separate machine for consolidating your logs, where you'd install rsyslog or syslog-ng. Configure that machine to send logs to Logs Management App, and configure your syslogd to send logs to your logs to your "central" rsyslog/syslog-ng via UDP:
*.* @central-syslog-server

If your central machine is running syslog-ng, you'll have to add an udp() option to your source() statement in /etc/syslog-ng/syslog-ng.conf:

udp()

If your central machine is running rsyslog, you'll have to load the UDP input module and run it on the standard port 514:

$ModLoad imudp
$UDPServerRun 514