| Table of Contents | ||
|---|---|---|
|
...
- Configure one or more inputs. For example, configure rsyslog to upload send local logs, remote logs over TCP and so on
- Choose a protocol and an authentication method. For UDP, TCP, TLS and RELP you can authorize your public IP. However, we strongly recommend using the Logsene application's token, which works with all supported protocols
- Configure the output. Based on the chosen protocol and authentication method, you'll have to configure the appropriate output plugin to send logs in the desired format
...
First, configure rsyslog to receive logs that you'd like to upload send to Logsene. The most common input module is imuxsock, which will take logs from your local /dev/log socket. To start listening on local logs, add this line at the beginning of your /etc/rsyslog.conf:
...
$template kernelErrors,"<%PRI%>%TIMEREPORTED:::date-rfc3339% %HOSTNAME% %syslogtag%@cee: {\"logsene-app-token\": \"LOGSENE-APP-TOKEN-GOES-HERE\", \"message\": \"%msg:::json%\", \"tags\":[\"kernel errors\", \"urgent issues\"]}\n" |
Notice the &~ statement - this prevents rsyslog from sending matched events twice (once with tags and once without). Make sure you place these conditionals before your main Logsene action (the one starting with *.* ).