How to Configure Rsyslog in Linux for sending Linux Systems Logs to Loggly

Hello Friends,

In this blog ,I am going to explain you how to configure rsyslog in Linux systems for sending logs to Loggly.

In common  linux distribution with rsyslog 1.19 , rsyslog receives your system logs, and port 514 is open for connection that departing your data to another destination.

Steps need to follow for Configuration 

Step-1 : First we need to update rsyslog configuration files ,open your rsyslog.conf file in vim editor in insert mode.

 Mostly its found on /etc/ directory.

command for open file in vim editor     sudo  vim /etc/rsyslog.conf 

Press i to go insert mode and copy paste below code inside the file under the  GLOBAL DIRECTIVES 

 $template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"TAG\"] %msg%\n"

*.* @@logs-01.loggly.com:514;LogglyFormat

 

Replace Following variable 

 TAG      :  Replace with a tag that describes the syslog source.

 TOKEN : TOKEN replace with your customer token (token provided by loggly after loggly account has been created)

After replacing the variables, Press ESC or Ctrl+c to out from insert mode.

Command for save your changes 

:wq   type this and enter for exiting vim editor after saving your Changes.

Step 2: Restart Rsyslog service.

 command for restart rsyslog  sudo service rsyslog restart.

Step 3 : Verify the logs on Loggly.

Wait 5-10 minutes after setup .For verifiy logs on Loggly .Type "tag:your tag name" on searchbox and search logs received in  last 10 minutes.