Configuring the Logging agent for (r)Syslog logs
You can deploy a Logging agent to collect and route (r)Syslog messages from a Syslog server to an IBM Cloud Logs instance.
Before you begin
Be sure that you have deployed the Logging agent on Linux. For more information, see Managing the agent Linux environments.
Step 1. Setting up the Logging agent configuration
You can configure the Logging agent to collect (r)Syslog messages through a Unix socket server (UDP or TCP) or over the network using TCP or UDP.
- Edit the fluent-bit.conf file in the /etc/fluent-bit/ folder.
- Choose the type of configuration for the agent to collect the Syslog messages. Add the following input sections:
  - To listen for Syslog messages on the Unix socket

        [INPUT]
            Name                 syslog
            # Path of the Unix socket that the agent creates
            Path                 /tmp/in_syslog
            Buffer_Chunk_Size    32000
            Buffer_Max_Size      64000
            Receive_Buffer_Size  512000

  - To listen for Syslog messages in network mode over TCP

        [INPUT]
            Name    syslog
            Parser  syslog-rfc3164
            # 0.0.0.0 accepts connections on every network interface of the host
            Listen  0.0.0.0
            Port    5140
            Mode    tcp

  - To listen for Syslog messages in Unix socket mode over UDP

        [INPUT]
            Name       syslog
            Parser     syslog-rfc3164
            Path       /tmp/fluent-bit.sock
            Mode       unix_udp
            # Permissions applied to the socket file
            Unix_Perm  0644
Step 2. Stop and start the agent
Run the following commands.
systemctl daemon-reload
systemctl restart fluent-bit
Run the following command to start the agent if you want to receive the Syslog messages from localhost in TCP mode.
<FLUENT-BIT-INSTALL-DIR>/bin/fluent-bit -c /etc/fluent-bit/fluent-bit.conf
Step 3. Verify that logs are being delivered to your target destination
Complete the following steps depending on your target type.
- When your agent is correctly configured, you can see logs through the default dashboard view.
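
To have a known record to look for in the dashboard, you can send one test message to the TCP input from Step 1. The following is an added example, not part of the original page: it builds a single RFC 3164 line and sends it to port 5140 on localhost. The function names, the `agent-check` tag, and the use of `nc` are assumptions.

```shell
#!/bin/sh
# Added example: functions only, nothing is sent until send_tcp is called.

# PRI = facility * 8 + severity (RFC 3164 section 4.1.1).
syslog_pri() (
  for n in "$1" "$2"; do
    case $n in
      ''|*[!0-9]*) echo "facility and severity must be integers" >&2; return 1 ;;
    esac
  done
  if [ "$1" -gt 23 ] || [ "$2" -gt 7 ]; then
    echo "facility must be 0-23 and severity 0-7" >&2
    return 1
  fi
  echo $(( $1 * 8 + $2 ))
)

# Build "<PRI>Mmm dd hh:mm:ss HOST TAG: MSG".
# Arguments: facility severity timestamp host tag message
rfc3164_line() (
  pri=$(syslog_pri "$1" "$2") || return 1
  # Replace CR/LF with spaces: this sender writes one record per line,
  # so an embedded newline would split the message into two records.
  msg=$(printf '%s' "$6" | tr '\r\n' '  ')
  printf '<%s>%s %s %s: %s' "$pri" "$3" "$4" "$5" "$msg"
)

# Timestamp in RFC 3164 form; LC_ALL=C forces English month names.
rfc3164_now() {
  LC_ALL=C date '+%b %e %H:%M:%S'
}

# Send one newline-terminated record to the TCP input on localhost.
# Assumes nc (netcat) is installed; 5140 is the port from Step 1.
send_tcp() {
  printf '%s\n' "$1" | nc -w 2 127.0.0.1 "${2:-5140}"
}

# Usage (facility 1 = user, severity 5 = notice):
#   send_tcp "$(rfc3164_line 1 5 "$(rfc3164_now)" "$(hostname)" agent-check "test message")"
```

After sending, search the dashboard for the `agent-check` tag to confirm that the record arrived and was parsed.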