IBM Cloud Docs
Configuring the Logging agent for (r)Syslog logs

Configuring the Logging agent for (r)Syslog logs

You can deploy a Logging agent to collect and route (r)Syslog messages from a Syslog server to an IBM Cloud Logs instance.

Before you begin

Be sure that you have deployed the Logging agent on Linux. For more information, see Managing the agent Linux environments.

Step 1. Setting up the Logging agent configuration

You can configure the Logging agent to collect (r)Syslog messages through a Unix socket server (UDP or TCP) or over the network using TCP or UDP.

  1. Edit the fluent-bit.conf file in the /etc/fluent-bit/ folder.

  2. Choose the type of configuration for the agent to collect the Syslog messages. Add the following input sections:

    • To listen for Syslog messages on the Unix socket

      
      [INPUT]
          Name                syslog
          Path                /tmp/in_syslog
          Buffer_Chunk_Size   32000
          Buffer_Max_Size     64000
          Receive_Buffer_Size 512000
      
    • To listen for Syslog messages on the Network mode over TCP

      
      [INPUT]
          Name     syslog
          Parser   syslog-rfc3164
          Listen   0.0.0.0
          Port     5140
          Mode     tcp
      
      
    • To listen for Syslog messages on the Unix socket mode over UDP

      
      [INPUT]
          Name      syslog
          Parser    syslog-rfc3164
          Path      /tmp/fluent-bit.sock
          Mode      unix_udp
          Unix_Perm 0644
      
      

Step 2. Stop and start the agent

Run the following commands.

systemctl daemon-reload
systemctl restart fluent-bit

Run the following command to start the agent if you want to receive the Syslog messages from localhost in TCP mode.

<FLUENT-BIT-INSTALL-DIR>/bin/fluent-bit -c /etc/fluent-bit/fluent-bit.conf

Step 3. Verify that logs are being delivered to your target destination

Complete the following steps depending on your target type.

  1. Go to the web UI for your IBM Cloud Logs instance.

  2. When your agent is correctly configured, you can see logs through the default dashboard view.