Simple sending using syslog-ng
This article describes how to manually configure syslog-ng to send system log events to Devo over an unsecured channel. This is the recommended procedure when you want to forward events within your network to a Devo In-House Relay.
There are three simple steps:
Edit the syslog-ng.conf file
To forward the internal logs of a system to a Devo relay over TCP, add the following lines to the /etc/syslog-ng/syslog-ng.conf configuration file:
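source s_src {
    system();      # local system log sources
    internal();    # syslog-ng's own internal messages
};
destination d_devo_unix {
    # Plain TCP to the relay; the template prefixes the program name with box.unix.
    tcp("DEVO-RELAY-IP" port(PORT)
        template("<$PRI>$DATE $HOST box.unix.$PROGRAM: $MESSAGE\n")
    );
};
log { source(s_src); destination(d_devo_unix); };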
Replace DEVO-RELAY-IP and PORT with the IP address and port of the Devo relay. To view a list of active relays, go to Administration → Relays in the Devo web application.
The destination statement directs syslog-ng to forward events from syslog to the machine specified by the DEVO-RELAY-IP:PORT combination.
Restart syslog-ng
Once you've edited the configuration file, you need to restart syslog-ng to activate the new settings.
/etc/init.d/syslog-ng restart
Test the connection
You can make sure that the events are being forwarded to the relay by using the logger command to write test messages to the system log.
logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"
logger "Hello from machine01"
In the Devo web application, go to Data search. Open the box.unix data table to confirm that these logger events were forwarded and received correctly.
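As an added example (not part of the original Devo documentation), the following Python code checks captured lines against the shape the template above produces, decodes $PRI into facility and severity, and flags lines whose box.unix. tag is left without a program name. The function names and sample lines are constructed for illustration, and $DATE is assumed to be in the BSD-style format.

```python
import re

# Line shape produced by the template on this page:
#   <$PRI>$DATE $HOST box.unix.$PROGRAM: $MESSAGE
# Assumption: $DATE is in the BSD-style format ("Jan  5 10:15:02").
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>box\.unix\.[^\s:]*): "
    r"(?P<message>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_devo_line(line):
    """Parse one forwarded line; return a dict, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None or int(m.group("pri")) > 191:  # max PRI = 23 * 8 + 7
        return None
    event = m.groupdict()
    event["pri"] = int(event["pri"])
    event["facility"], sev = divmod(event["pri"], 8)
    event["severity"] = SEVERITIES[sev]
    # An empty $PROGRAM leaves the bare prefix "box.unix." as the tag.
    event["tag_complete"] = event["tag"] != "box.unix."
    return event

def check_capture(lines, marker):
    """Summarise a capture: well-formed lines, malformed ones, marker hits."""
    report = {"ok": 0, "malformed": [], "incomplete_tag": [], "marker_hits": 0}
    for n, line in enumerate(lines, 1):
        event = parse_devo_line(line)
        if event is None:
            report["malformed"].append(n)
            continue
        report["ok"] += 1
        if not event["tag_complete"]:
            report["incomplete_tag"].append(n)
        if marker in event["message"]:
            report["marker_hits"] += 1
    return report

# Constructed sample capture (not real relay output).
SAMPLE = [
    "<13>Jan  5 10:15:02 machine01 box.unix.root: Hello from machine01\n",
    "<46>Jan  5 10:15:03 machine01 box.unix.syslog-ng: syslog-ng starting up\n",
    "<13>Jan  5 10:15:04 machine01 box.unix.: no program name\n",
    "Hello from machine01\n",
]
```

With util-linux logger, a message sent without -t carries the invoking user's name as its program name, which is why the constructed test line above is tagged box.unix.root rather than box.unix.logger.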