Skip to technology filters Skip to main content
Dynatrace Hub

Extend the platform,
empower your team.

Popular searches:
Home hero bg
Syslog (via Fluentd)Syslog (via Fluentd)
Syslog (via Fluentd)

Syslog (via Fluentd)

Stream Syslog data do Dynatrace via Fluentd for analysis.

Technology
Free trialDocumentation
  • Product information

Overview

Syslog is a standard protocol for message logging and system logs management. Devices like routers, printers, hosts, switches, and many other devices across many platforms use the Syslog standard to log users' activity, system/software life-cycle events, status, or diagnostics.

In network monitoring, the Syslog protocol is very useful because of its client-server architecture, where the remote Syslog server listens to the client's log messages. Such consolidation of logging data in a central repository allows taking advantage of unified Dynatrace Log Management and Analytics Powered by Grail for actionable insights and automation.

Stream syslog via Fluentd if you already collect logs with it or if a specific use case requires an additional component (e.g., forwarding logs to different targets). If you want to benefit from a secure, trusted edge component with enterprise support and life-cycle management, please refer to Syslog ingest via Dynatrace ActiveGate.

In the case where Linux system syslog observability is the main focus, we recommend deploying OneAgent, which auto-discovers host syslog data, preserves topology context, and requires minimal configuration and maintenance.

This is intended for users who want to: Complement observability data in Dynatrace, extend the Davis AI engine and enable App Owners, DevOps, and SRE teams to analyze all syslog data centrally.

This enables you to: Leverage the Fluentd Syslog input plugin to get syslogs from your devices into Dynatrace where you can immediately benefit from Dynatrace AI-driven root cause analysis.

Get started

Set up the flow from Syslog producer over Fluentd to Dynatrace with the following steps:

  1. Get a Dynatrace API token with the logs.ingest (Ingest Logs) scope

  2. Deploy Fluentd

  • Fluentd can also run as a DaemonSet in a Kubernetes cluster. Built-in resiliency ensures data completeness and consistency even if Fluentd or an endpoint service goes down temporarily.
  1. Enable Fluentd to accept incoming Syslog messages.
  • The in_syslog input plugin enables Fluentd to retrieve records via the Syslog protocol on UDP or TCP. It is included in Fluentd's core so no additional installation is needed in this step.
  1. Use the Dynatrace Fluentd plugin to stream logs to Dynatrace cluster.
  • Open source Dynatrace Fluentd plugin uses generic log ingestion API to send logs to dynatrace.
  1. Point your devices to send syslogs to Fluentd

Details

Send syslogs to remote endpoint

Example 1: Configure Rsyslog on Linux Ubuntu to forward syslogs to a remote server.

Add the following line to the syslog daemon configuration file /etc/rsyslog.conf (UDP protocol):

*.* @<fluentd host IP>:5140

*.* - instructs the daemon to forward all messages to the specified Fluentd instance listening on port 5140 and <fluentd host IP> needs to point to the IP address of Fluentd.

@@ - if you are using TCP, type two @ symbols

Example 2: Configuring the F5 BIG-IP system to log to a remote syslog server (11.x - 17.x)

Refer to F5 BIG-IP documentation for procedures regarding remote Syslog configuration.

Decorate syslogs with meaningful attributes

The Dynatrace software intelligence platform and its Davis AI engine depend on context-rich, high-quality data. You can provide the context for your data ingested via Generic log ingest API that supports a set of keys and semantic attributes. You can also provide custom attributes that don't require indexing in Dynatrace Grail database.

Example: Add log.source attribute based on the source of syslogs in Fluentd.

The syslog message often needs additional context to differentiate sources while analysing. In this example, there are two separate syslog endpoints exposed in Fluentd. One for linux syslogs and the second for f5 syslogs. This helps decorate log streams with meaningful log.source attribute. Fluentd configuration file would look like this:

<source>
    @type syslog
    port 5140
    bind 0.0.0.0
    tag system-linux
</source>

<source>
    @type syslog
    port 5141
    bind 0.0.0.0
    tag system-f5
</source>

Add log.source attribute based on fluentd tag.

<filter system-linux.**>
    @type record_transformer
    <record>
    log.source "linux syslogs"
    </record>
</filter>

<filter system-f5.**>
    @type record_transformer
    <record>
    log.source "f5 syslogs"
    </record>
 </filter>

Refer to Fluentd record_transformer filter plugin documentation for more details.

Dynatrace
DocumentationMore Information
By Dynatrace
Dynatrace support center
Copy to clipboard
Dynatrace Hub
Hub HomeGet data into DynatraceBuild your own app
Log Management and AnalyticsKubernetesAI and LLM ObservabilityInfrastructure ObservabilitySoftware DeliveryApplication ObservabilityApplication SecurityDigital ExperienceBusiness Observability
Filter
Type
Built and maintained by
Deployment model
SaaS
  • SaaS
  • Managed
Partner FinderBecome a partnerDynatrace Developer

All

0 Results filtered by:

Default empty state

We couldn't find any results

You can search all listings, or try a different spelling or keyword. Still nothing? Dynatrace makes it easy to create custom apps.

Find a partnerLearn to build apps