Syslog (via Fluentd)

Stream Syslog data to Dynatrace via Fluentd for analysis.

Overview

Syslog is a standard protocol for message logging and system logs management. Devices like routers, printers, hosts, switches, and many other devices across many platforms use the Syslog standard to log users' activity, system/software life-cycle events, status, or diagnostics.

In network monitoring, the Syslog protocol is very useful because of its client-server architecture, where the remote Syslog server listens to the client's log messages. Such consolidation of logging data in a central repository allows taking advantage of unified Dynatrace Log Management and Analytics Powered by Grail for actionable insights and automation.

Stream syslog via Fluentd if you already collect logs with it or if a specific use case requires an additional component (e.g., forwarding logs to different targets). If you want to benefit from a secure, trusted edge component with enterprise support and life-cycle management, please refer to Syslog ingest via Dynatrace ActiveGate.

In the case where Linux system syslog observability is the main focus, we recommend deploying OneAgent, which auto-discovers host syslog data, preserves topology context, and requires minimal configuration and maintenance.

This is intended for users who want to complement observability data in Dynatrace, extend the Davis AI engine, and enable App Owners, DevOps, and SRE teams to analyze all syslog data centrally.

This enables you to use the Fluentd Syslog input plugin to get syslogs from your devices into Dynatrace, where you can immediately benefit from Dynatrace AI-driven root cause analysis.

Get started

Set up the flow from the Syslog producer through Fluentd to Dynatrace with the following steps:

  1. Get a Dynatrace API token with the logs.ingest (Ingest Logs) scope.

  2. Deploy Fluentd.
     • Fluentd can also run as a DaemonSet in a Kubernetes cluster. Built-in resiliency ensures data completeness and consistency even if Fluentd or an endpoint service goes down temporarily.

  3. Enable Fluentd to accept incoming Syslog messages.
     • The in_syslog input plugin enables Fluentd to retrieve records via the Syslog protocol on UDP or TCP. It is included in Fluentd's core, so no additional installation is needed in this step.

  4. Use the Dynatrace Fluentd plugin to stream logs to the Dynatrace cluster.
     • The open source Dynatrace Fluentd plugin uses the generic log ingestion API to send logs to Dynatrace.

  5. Point your devices to send syslogs to Fluentd.

Details

Send syslogs to remote endpoint

Example 1: Configure Rsyslog on Linux Ubuntu to forward syslogs to a remote server.

Add the following line to the syslog daemon configuration file /etc/rsyslog.conf (UDP protocol):

*.* @<fluentd host IP>:5140

*.* - instructs the daemon to forward all messages to the specified Fluentd instance listening on port 5140. Replace <fluentd host IP> with the IP address of the Fluentd host.

@@ - if you are using TCP, type two @ symbols instead of one.

Example 2: Configuring the F5 BIG-IP system to log to a remote syslog server (11.x - 17.x)

Refer to F5 BIG-IP documentation for procedures regarding remote Syslog configuration.

Decorate syslogs with meaningful attributes

The Dynatrace software intelligence platform and its Davis AI engine depend on context-rich, high-quality data. You can provide context for data ingested via the generic log ingestion API, which supports a set of keys and semantic attributes. You can also provide custom attributes that don't require indexing in the Dynatrace Grail database.

Example: Add a log.source attribute based on the source of syslogs in Fluentd.

Syslog messages often need additional context to differentiate their sources during analysis. In this example, Fluentd exposes two separate syslog endpoints: one for Linux syslogs and one for F5 syslogs. This makes it possible to decorate each log stream with a meaningful log.source attribute. The Fluentd configuration file would look like this:

<source>
    @type syslog
    port 5140
    bind 0.0.0.0
    tag system-linux
</source>

<source>
    @type syslog
    port 5141
    bind 0.0.0.0
    tag system-f5
</source>

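Add the log.source attribute based on the Fluentd tag. The in_syslog plugin appends the facility and severity to the configured tag (for example, system-linux.auth.info), which is why the filters match on system-linux.** and system-f5.**: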

<filter system-linux.**>
    @type record_transformer
    <record>
        log.source "linux syslogs"
    </record>
</filter>

<filter system-f5.**>
    @type record_transformer
    <record>
        log.source "f5 syslogs"
    </record>
</filter>

Refer to Fluentd record_transformer filter plugin documentation for more details.
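
The following is an added example, not code from the original page or from the Fluentd or Dynatrace projects: a Python model of how the two-listener configuration above labels a message. It decodes the syslog PRI field into the facility and severity that in_syslog appends to the tag, then applies the tag-based log.source filters. The function names and sample messages are constructed for illustration, and tag matching covers only the `prefix.**` form used on this page.

```python
import re

# Facility and severity names in numeric order (syslog codes 0-23 and 0-7).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert at local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warn notice info debug".split()

# Mirrors the page's config: listener port -> tag prefix, tag pattern -> log.source.
SOURCES = {5140: "system-linux", 5141: "system-f5"}
FILTERS = [("system-linux.**", "linux syslogs"), ("system-f5.**", "f5 syslogs")]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def fluentd_tag(prefix, raw):
    """Build '<prefix>.<facility>.<severity>' from the message's PRI field."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return f"{prefix}.{FACILITIES[facility]}.{SEVERITIES[severity]}"


def tag_matches(pattern, tag):
    """Tag matching limited to the 'prefix.**' form used in the filters above."""
    if pattern.endswith(".**"):
        prefix = pattern[:-3]
        return tag == prefix or tag.startswith(prefix + ".")
    return tag == pattern


def decorate(port, raw):
    """Return (tag, record) as the two-listener pipeline would label a message."""
    tag = fluentd_tag(SOURCES[port], raw)
    # Simplification: keep the rest of the line whole; in_syslog also splits
    # out host, ident and pid.
    record = {"message": PRI_RE.sub("", raw, count=1)}
    for pattern, source in FILTERS:
        if tag_matches(pattern, tag):
            record["log.source"] = source
    return tag, record


# Constructed sample messages, not captured traffic.
LINUX_MSG = "<38>Feb  5 10:15:02 web01 sshd[812]: Accepted publickey for deploy"
F5_MSG = "<134>Feb  5 10:15:03 bigip1 tmm[1234]: constructed sample event"

if __name__ == "__main__":
    for port, msg in ((5140, LINUX_MSG), (5141, F5_MSG), (5141, LINUX_MSG)):
        print(port, *decorate(port, msg))
```

The third call sends the Linux-style message to port 5141 and it comes back labelled "f5 syslogs": log.source follows the listener port, not the message content. Both listeners bind 0.0.0.0, so the label is only as reliable as the network controls on which hosts can reach each port.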
