...
```shell
mkdir /opt/syslog-ng
cd /opt/syslog-ng

# Download the CA certificates and compare each file's md5sum with the value given
wget https://apps.sematext.com/cert/DigiCertCA.pem
# md5sum is 9e028401b52ca7453f6b05caa9643c89
wget https://apps.sematext.com/cert/DigiCert_Global_Root_CA.pem
# md5sum is 3816293340b05c52bcbc99a4f00b1b04

# Link each certificate under its subject hash (command and its output shown as comments)
# openssl x509 -subject_hash -noout -in DigiCert_Global_Root_CA.pem
# 3513523f
ln -s DigiCert_Global_Root_CA.pem 3513523f.0
# openssl x509 -subject_hash -noout -in DigiCertCA.pem
# 198c28f685cf5865
ln -s DigiCertCA.pem 198c28f685cf5865.0
```
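An added example (not from the original page) that derives each `<hash>.N` link name from the certificate itself and then checks that every link in the directory matches its target, so a mistyped hash is caught before TLS verification fails. It assumes the `openssl` CLI is on the PATH; the function names `subject_hash`, `link_ca_dir` and `check_ca_dir` are illustrative.

```shell
# Added example: derive and verify OpenSSL hash links for a syslog-ng ca-dir.
# Assumes the openssl CLI is on PATH; function names are illustrative.
# Run the hashing with the OpenSSL release syslog-ng is linked against.

# Print the subject hash OpenSSL uses to find a CA certificate in a directory.
subject_hash() {
    openssl x509 -subject_hash -noout -in "$1"
}

# Create a <hash>.N symlink for every *.pem file in directory $1.
link_ca_dir() {
    dir=$1
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        base=$(basename "$cert")
        hval=$(subject_hash "$cert") || return 1
        n=0
        # Distinct CAs may share a hash; OpenSSL then probes .0, .1, ...
        while [ -e "$dir/$hval.$n" ] || [ -L "$dir/$hval.$n" ]; do
            # Already linked to this certificate: skip to the next file.
            if [ "$(readlink "$dir/$hval.$n")" = "$base" ]; then continue 2; fi
            n=$((n + 1))
        done
        ln -s "$base" "$dir/$hval.$n" || return 1
    done
}

# Return 0 only if every <hash>.N link resolves and is named after its target's hash.
check_ca_dir() {
    dir=$1
    status=0
    for link in "$dir"/*.[0-9]*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        if [ ! -f "$link" ]; then
            echo "dangling link: $name" >&2
            status=1
            continue
        fi
        actual=$(subject_hash "$link") || { status=1; continue; }
        if [ "${name%.*}" != "$actual" ]; then
            echo "hash mismatch: $name should be $actual.N" >&2
            status=1
        fi
    done
    return "$status"
}

# Usage: link_ca_dir /opt/syslog-ng && check_ca_dir /opt/syslog-ng
```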
Then configure the destination as you would for plain TCP, except that you add a tls() statement pointing to your newly created certificates directory and change the port to 10514:
...
```
filter user_tests { facility(kern) and level(err) };

destination logsene_tests {
  syslog("logsene-receiver-syslog.sematext.com"
    transport("tcp")
    port(514)
    template("@cee: $(format-json --pair message=\"$MSG\" --pair tags=\"kernel errors\" --pair logsene-app-token=\"99c4e20d-3812-46e3-9801-e8331a01a5b1\")\n")
  );
};

log {
  source(all_syslog);
  filter(user_tests);
  destination(logsene_tests);
  flags(final);
};
# main Logsene "log" statement will be defined below
```
Notice the final flag on this log statement: it prevents syslog-ng from sending matched events twice (once with tags and once without). Make sure you place the log statement with tags before your main Logsene log statement.