Collecting Syslogs

With SigNoz, you can easily collect and analyze system logs. This document shows how to set up rsyslog to forward logs to the OpenTelemetry (OTel) Collector using the syslog receiver, so you can parse, query, and monitor logs with minimal effort.

Prerequisite

  • Unix-based operating system

Collect Syslogs in SigNoz Cloud

If you don’t already have a SigNoz Cloud account, you can sign up here.

Step 1: Add OTel Collector Binary

Add the OpenTelemetry Collector binary to your VM by following this guide.

Step 2: Configure Syslog Receiver in OTel Collector

Add the syslog receiver to the config.yaml of the OTel Collector:

receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:54527"
    protocol: rfc3164
    location: UTC
    operators:
      - type: move
        from: attributes.message
        to: body
...

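Here, the receiver accepts RFC 3164 syslog over TCP on port 54527, and the move operator moves the parsed message from attributes to the log body. Read more about operators here.

A listen_address of 0.0.0.0 accepts connections on every network interface, and this TCP listener is plaintext and unauthenticated. If rsyslog runs on the same host as the collector, bind to 127.0.0.1 instead; otherwise restrict access to the port with a firewall.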

For additional configurations for the syslog receiver, check here.

Step 3: Update Pipeline in OTel Collector

Modify the pipeline inside config.yaml to include the syslog receiver:

service:
    ...
    pipelines:
        logs:
            receivers: [otlp, syslog]
            processors: [batch]
            exporters: [otlp]

Step 4: Restart OTel Collector

Restart the OTel Collector to apply the new changes.

Step 5: Modify rsyslog.conf

Run the following command to edit the rsyslog.conf file:

sudo vim /etc/rsyslog.conf

Add the following lines at the end. The port must match the port in the listen_address from Step 2:

template(
  name="UTCTraditionalForwardFormat"
  type="string"
  string="<%PRI%>%TIMESTAMP:::date-utc% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
)

*.* action(type="omfwd" target="0.0.0.0" port="54527" protocol="tcp" template="UTCTraditionalForwardFormat")

For production use cases, configure retries and queues:

*.*  action(type="omfwd" target="0.0.0.0" port="54527" protocol="tcp"
        action.resumeRetryCount="10"
        queue.type="linkedList" queue.size="10000" template="UTCTraditionalForwardFormat")

Step 6: Restart rsyslog Service

Restart the rsyslog service:

sudo systemctl restart rsyslog.service

Check the status:

sudo systemctl status rsyslog.service

If there are no errors, logs will be visible in the SigNoz UI.
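
To check the path end to end, the following added example (not part of the SigNoz documentation) renders a line in the UTCTraditionalForwardFormat layout from Step 5, confirms it parses as RFC 3164, and sends it to the receiver port from Step 2. The collector address 127.0.0.1, the sample hostname and tag, and the stand-in parser are assumptions.

```python
# Added example: mirrors the rsyslog template above and checks it parses as RFC 3164.
import re
import socket
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:? ?(?P<msg>.*)$"
)


def build_line(facility, severity, host, syslogtag, msg, now=None):
    """Render one line the way UTCTraditionalForwardFormat does."""
    now = now or datetime.now(timezone.utc)  # template uses date-utc
    ts = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded
    sep = "" if msg.startswith(" ") else " "  # %msg:::sp-if-no-1st-sp%
    # %syslogtag:1:32% keeps only the first 32 characters of the tag
    return f"<{facility * 8 + severity}>{ts} {host} {syslogtag[:32]}{sep}{msg}"


def parse_line(line):
    """Stand-in RFC 3164 parser (not the collector's); returns None if malformed."""
    m = RFC3164.match(line)
    if not m or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    pri = int(m["pri"])
    return {
        "facility": pri // 8, "severity": SEVERITIES[pri % 8],
        "timestamp": m["ts"], "hostname": m["host"],
        "appname": m["tag"], "proc_id": m["pid"], "message": m["msg"],
    }


def send_test(line, host="127.0.0.1", port=54527):
    """Send one newline-terminated line over TCP to the syslog receiver."""
    with socket.create_connection((host, port), timeout=3) as sock:
        sock.sendall(line.encode() + b"\n")


if __name__ == "__main__":
    # Constructed sample values; assumes the collector runs on this host.
    line = build_line(4, 6, "web-01", "smoketest[1]:", "collector smoke test")
    print(line, parse_line(line), sep="\n")
    send_test(line)
```

After running it, search for the message text in the SigNoz logs view; a connection error from send_test means nothing is listening on that address and port.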
