Ship Linux logs

Configuration

Before you begin, you’ll need:

• Root access
• Port 5000 open

Run the rsyslog configuration script

Replace <<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to.

Replace <<LISTENER-HOST>> with the host for your region. For example, listener.logz.io if your account is hosted on AWS US East, or listener-nl.logz.io if hosted on Azure West Europe.

curl -sLO https://github.com/logzio/logzio-shipper/raw/master/dist/logzio-rsyslog.tar.gz \
  && tar xzf logzio-rsyslog.tar.gz \
  && sudo rsyslog/install.sh -t linux -a "<<LOG-SHIPPING-TOKEN>>" -l "<<LISTENER-HOST>>"

The above assumes the following defaults:

• Log location - /var/log/
• Log type - syslog

Check Logz.io for your logs

Give your logs some time to get from your system to ours, and then open Kibana. You can search for type:syslog to filter for your logs. Your logs should be already parsed thanks to the Logz.io preconfigured parsing pipeline.

If you still don’t see your logs, see log shipping troubleshooting.