Stream your logs to log storage with syslog and API import

Dynatrace Log Analytics continues to extend its reach beyond OneAgent-instrumented data sources.

Logs are often produced by important infrastructure components that, for various reasons, can’t be instrumented by OneAgent (which is by far the best, most automated, and intelligent way of gathering logs within modern application infrastructures). Sometimes, however, you need these additional logs from hardware devices or legacy systems that don’t support our native OneAgent instrumentation approach. With the latest release of ActiveGate, this is now possible!

You can now use an Environment ActiveGate (version 1.157 or higher) as a listener to log streams using HTTP POST or TCP/UDP syslog. These streams must meet the following requirements:

  • Data must be sent in plain text.
  • Each log message must be preceded by a header that allows for authentication and data connection to the appropriate part of the application infrastructure (such as a host or process).

The requirements listed above can be met using, for example, an RSYSLOG protocol-based client and related templates functionality.

Note that because OneAgent isn’t required to receive such logs, this functionality requires central log storage that isn’t available if you’re running the free tier of Log Analytics. ActiveGate takes care of the secure and reliable transportation of this data to the cluster (either SaaS or Managed) and central log storage.

To generate the appropriate template, navigate to Settings > Log Analytics > Sources.

In the example below, logs will be connected to an existing device (HOST-IG-144-101439) and/or process running on this device. You can alternatively create a new device.

Rsyslog / API import template configuration

Logs appear in the same place as other logs, within the Log Viewer interface.

All functionality that’s available for other log types, such as querying, grouping, and searching for tags and names is also available for logs received via syslog or the API. You can also analyze a mix of logs that are received both in this way and logs that are gathered by OneAgent using the standard approach. In the example below, note the special path for logs that are received via syslog or the API.

Special path in the Log Viewer for logs received via syslog or the API

With this new functionality, you can now extend your troubleshooting options by extending diagnostics data coverage beyond the OneAgent-instrumented aspects of your application infrastructure. By using ActiveGate plugins, you can gather metrics from devices that can’t support OneAgent, and by using syslog/API log import you can integrate these metrics with information from logs retrieved from these devices—thereby providing you with complete visibility and faster troubleshooting.

Note: Definition of log events, and log content masking and filtering within syslog and API-imported logs will be provided in a future Dynatrace release.

Stay updated