Managing the Logging agent for Linux

You can deploy the Logging agent to collect and route infrastructure and application logs from RHEL8, RHEL9, Debian, and Ubuntu environments to an IBM Cloud Logs instance.

Deploying the agent

Complete the following steps to deploy an agent to a supported Linux environment.

Step 1. Define the authentication method for the agent

Choose the type of identity and the authentication method for the agent. Then, create an API key if needed.

Complete the following steps:

Choose the type of identity: user, or service ID.

You can use a user, or a service ID as the identity that is used by the agent to authenticate with the IBM Cloud Logs service.
Grant permissions for ingestion to the identity that you have chosen.

The role that is required for sending logs to IBM Cloud Logs is Sender.

For more information, see Setting up IAM permissions for ingestion.
Generate an API Key for user authentication or for service ID authentication.

For more information, see Generating an API Key for ingestion.

Step 2. Setting up and deploying the Logging agent configuration

Complete the following steps:

Log in to your Linux environment.
Download the required RPM or DEB packages. For information about the current Logging agent version, see the agent release notes.
Validate the checksum by running the following command:
```
sha256sum -c <sha256_filename>
```
Where <sha256_filename> is the filename of the download *.sha256 file.
Install the agent.
- For RHEL run:
```
rpm -ivh <rpm_filename>
```
- For Debian and Ubuntu run:
```
dpkg -i <deb_filename>
```
Where <rpm_filename> or <deb_filename> is the name of the downloaded *.rpm or *.deb file.

Download the configuration file.

https://logs-router-agent-config.s3.us.cloud-object-storage.appdomain.cloud/post-config.sh

Run the configuration script.
```
./post-config.sh -h <target_host> -p <target_port> -t <target_path> -a <auth_mode> -k <iam_api_key> [--send-directly-to-icl] [-s <vsi_secure_access_enabled>]
```
Where

-t <target_path>

Specify /logs/v1/singles to send data to an IBM Cloud Logs Routing instance.

-a <auth_mode>

Specify IAMAPIKey or VSITrustedProfile.

-k <iam_api_key>

Specify the Cloud Identity and Access Management API key (required for IAMAPIKey mode). Make sure you follow the instructions in Generating an API Key.

For more information about Cloud Identity and Access Management API Keys, see Managing API Keys.

--send-directly-to-icl

Set this parameter to send logs directly to IBM Cloud Logs.

-h <target_host>

The host for IBM Cloud Logs ingestion, found in the Endpoints section of your IBM Cloud Logs instance Overview. Use the ingress endpoint. For more information, see Ingress endpoints

-p <target_port>

Use 443 to send logs directly to IBM Cloud Logs.

-s <vsi_secure_access_enabled>

(Optional) Set this to true if you have secure access enabled in your VSI. It will be set to false by default. For example, -s true.

Step 3. Verify logs are being delivered to your target destination

Complete the following steps:

Go to the web UI for your IBM Cloud Logs instance..
When your agent is correctly configured, you can see logs through the default dashboard view.

Step 4. (Optional) Add additional metadata fields

You can add additional metadata fields to the routed logs.

Edit the fluent-bit.conf file in the /etc/fluent-bit/ folder.
Add your custom metadata using this structure:
```
 [FILTER]
    Name record_modifier
    Match *
    Record <meta.key_name> <your_custom_value>
```
Where <meta.key_name> is the name of the metadata field to be added (for example, meta.env) and <your_custom_value> is the value to be assigned to the field (for example, the name of your environment).

For example, if you want to add an environment and region name as metadata, the configuration would be similar to this:
```
[FILTER]
    Name record_modifier
    Match *
    Record meta.cluster_name my-cluster
    Record meta.env production
    Record meta.region us-east
```
Save the configuration file.
Restart the agent to apply the changes.