...

Code Block
mkdir /opt/syslog-ng
cd /opt/syslog-ng
wget https://apps.sematext.com/cert/DigiCertCA.pem                # md5sum is 9e028401b52ca7453f6b05caa9643c89
wget https://apps.sematext.com/cert/DigiCert_Global_Root_CA.pem   # md5sum is 3816293340b05c52bcbc99a4f00b1b04

# openssl x509 -subject_hash -noout -in DigiCert_Global_Root_CA.pem 
# 3513523f
ln -s DigiCert_Global_Root_CA.pem 3513523f.0
 
# openssl x509 -subject_hash -noout -in DigiCertCA.pem 
# 198c28f685cf5865
ln -s DigiCertCA.pem 198c28f685cf5865.0
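
The link names above must equal each certificate's subject hash, or the lookup in the certificates directory fails. As an added example (not part of the original page), the function `link_ca_dir` below computes the hashes instead of copying them, and `ca_dir_trusts` checks the result; both function names are hypothetical.

```shell
#!/bin/sh
# Added example: (re)build the <subject_hash>.<n> links that an OpenSSL-style
# CA directory needs, computing each hash instead of copying it from a page.
# Usage: link_ca_dir /opt/syslog-ng
link_ca_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Remove existing hash links (8 hex digits, dot, number) so that a replaced
    # certificate never leaves a stale or dangling link behind.
    x='[0-9a-f]'
    for link in "$dir"/$x$x$x$x$x$x$x$x.[0-9]*; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done

    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        # Files that do not parse as X.509 (keys, CSRs) are skipped, not linked.
        h=$(openssl x509 -subject_hash -noout -in "$pem" 2>/dev/null) || {
            echo "skipping (not a certificate): $pem" >&2
            continue
        }
        # Two certificates can share a subject hash; OpenSSL then looks for
        # .0, .1, .2 ... so take the first free suffix.
        n=0
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$pem")" "$dir/$h.$n"
        echo "$h.$n -> $(basename "$pem")"
    done
    return 0
}

# Succeeds only if CERT verifies using the hash links in DIR.
# Usage: ca_dir_trusts /opt/syslog-ng /opt/syslog-ng/DigiCertCA.pem
ca_dir_trusts() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

Only the first certificate in each `.pem` file is hashed, so keep one certificate per file, as the downloads above do.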

Then configure the destination as you would for plain TCP, with three changes: add a tls() statement, point it at your newly created certificates directory, and change the port to 10514:

...

Code Block
filter user_tests { facility(kern) and level(err) };

destination logsene_tests {
    syslog("logsene-receiver-syslog.sematext.com"
      transport("tcp")
      port(514)
      template("@cee: $(format-json --pair message=\"$MSG\" --pair tags=\"kernel errors\" --pair logsene-app-token=\"99c4e20d-3812-46e3-9801-e8331a01a5b1\")\n")
    );
};

log { source(all_syslog); filter(user_tests); destination(logsene_tests); flags(final); };
# main Logsene "log" statement will be defined below

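Note the final flag on this log statement: it prevents syslog-ng from sending matched events twice (once with tags and once without). Make sure you place the log statement with tags before your main Logsene log statement. The destination shown here uses plain TCP on port 514, so the messages and the app token in the template cross the network unencrypted; apply the tls() statement and port 10514 described above to protect them.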