With SigNoz you can collect your syslogs logs and perform different queries on top of it.
In this blog we will configure
rsyslog to forward our system logs to tcp endpoint of otel-collector and use
syslog receiver in otel-collector to receive and parse the logs.
Below are the steps to collect syslogs.
docker-compose.yamlfile present inside
deploy/docker/clickhouse-setupto expose a port, in this case
54527so that we can forward syslogs to this port.
Add the syslog reciever to
otel-collector-config.yamlwhich is present inside
- type: move
Here we are collecting the logs and moving message from attributes to body using operators that are available. You can read more about operators here
For more configurations that are available for syslog receiver please check here.
Next we will modify our pipeline inside
otel-collector-config.yamlto include the receiver we have created above.
receivers: [otlp, syslog]
Now we can restart the otel collector container so that new changes are applied and we can forward our logs to port
rsyslog.conffile present inside
sudo vim /etc/rsyslog.confand adding the this line at the end
*.* action(type="omfwd" target="0.0.0.0" port="54527" protocol="tcp")
For production use cases it is recommended to using something like
*.* action(type="omfwd" target="0.0.0.0" port="54527" protocol="tcp"
So that you have retires and queue in place to de-couple the sending from the other logging action.
The value of
targetmight vary depending on where SigNoz is deployed, since it is deployed on the same host I am using
0.0.0.0for more help you can visit here
Now restart your rsyslog service by running
sudo systemctl restart rsyslog.service
You can check the status of service by running
sudo systemctl status rsyslog.service
If there are no errors your logs will be visible on SigNoz UI.