Before you begin, you’ll need:

  • Root access
  • Port 5000 open

Run the rsyslog configuration script

Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.

Replace <<LISTENER-HOST>> with the host for your region. For example, if your account is hosted on AWS US East, or if hosted on Azure West Europe.

curl -sLO \
  && tar xzf logzio-rsyslog.tar.gz \
  && sudo rsyslog/ -t linux -a "<<LOG-SHIPPING-TOKEN>>" -l "<<LISTENER-HOST>>"

The above assumes the following defaults:

  • Log location - /var/log/
  • Log type - syslog
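
A preflight for the prerequisites and placeholders above, as an added example that is not part of the vendor's configuration script: it checks that both `<<...>>` placeholders were replaced, that the shell is running as root, and that outbound TCP to the listener on port 5000 works. The function names are hypothetical, and the port check assumes `nc` or `bash` is installed.

```shell
#!/bin/sh
# Added example: preflight checks before running the rsyslog configuration script.
# Function names are hypothetical; nothing here comes from the vendor's script.

# Succeeds only if the value is non-empty and no <<PLACEHOLDER>> marker remains.
is_filled() {
    case "$1" in
        ''|*'<<'*|*'>>'*) return 1 ;;
        *) return 0 ;;
    esac
}

# The configuration script runs under sudo, so the effective UID must be 0.
# The UID can be passed in so the check can be exercised without being root.
is_root() {
    [ "${1:-$(id -u)}" -eq 0 ]
}

# Outbound TCP check to the listener; port 5000 is the port named in the prerequisites.
can_reach() {
    host=$1 port=${2:-5000}
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$host" "$port" >/dev/null 2>&1
    elif command -v bash >/dev/null 2>&1; then
        # Fallback: bash's /dev/tcp, bounded only by the OS connect timeout.
        bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" >/dev/null 2>&1
    else
        echo "no nc or bash available for the port check" >&2
        return 2
    fi
}

# Runs every check; the network test is skipped if the local checks already failed.
preflight() {
    token=$1 host=$2 rc=0
    is_filled "$token" || { echo "FAIL: shipping token not set" >&2; rc=1; }
    is_filled "$host"  || { echo "FAIL: listener host not set" >&2; rc=1; }
    is_root            || { echo "FAIL: not running as root" >&2; rc=1; }
    if [ "$rc" -eq 0 ]; then
        can_reach "$host" 5000 || { echo "FAIL: cannot reach $host:5000" >&2; rc=1; }
    fi
    return "$rc"
}

# Usage: sudo sh preflight.sh "<token>" "<listener host>"
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```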

Check for your logs

Give your logs some time to get from your system to ours, and then open Kibana. You can search for type:syslog to filter for your logs.

If you still don’t see your logs, see log shipping troubleshooting.