To import additional log sources from rsyslog or to use the API log import:
Make sure that you have Log Analytics enabled.
Note that import of rsyslog and API log sources is not available with the free tier of Log Analytics.
Deploy a dedicated ActiveGate for Log Analytics.
Go to Install an Environment ActiveGate to perform ActiveGate installation.Important
Make sure you install the dedicated ActiveGate on a host that has access to your Dynatrace environment (connectivity to your Dynatrace cluster).
Configure a dedicated ActiveGate
Add the collector configuration to the
custom.properties file for the ActiveGate.
See Where can I find ActiveGate files? for the location of the file.
[collector] SyslogReceiverPort = 2000 SyslogCollectorEnabled = true LogDiskBufferPath=/tmp/diskbuffer AWSAgentEnabled = true
Make sure the path defined in the
LogDiskBufferPath property points to an existing directory with permissions matching that of an ActiveGate user (for example,
Restart your ActiveGate.
After you restart it, the ActiveGate will be connected to the environment with the Log Analytics Collector module running.
Create a template
In Dynatrace, go to Settings > Log Analytics > Sources and select Rsyslog/API import.
Select the host or custom device group, and then select the process group instance and the API token.
Optionally, you can create a new custom device group and generate a new API token. To generate and configure your API tokens, go to Settings > Integration > Dynatrace API. Make sure that Log import is within the access scope of your API token.
If you plan to use a custom device in your log import, make sure that you also have a license for custom metrics.
Click Create template to view automatically generated templates based on your settings.
- Rsyslog stream receiver template:
Put the following two lines in the syslog configuration file, e.g. /etc/rsyslog.conf: $template dynatrace,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag% [dt@31094 token=\"<DynatraceToken>=\"]%msg%" *.* @@184.108.40.206;dynatrace
- API import template:
Note that your Dynatrace token is already included in templates.
For rsyslog stream receiver
You can stream the syslog over UPD or TCP. We recommend that you use TCP because it presents more options for communication error checking and encryption.
Modify the template to reflect the ActiveGate address and port.
The following line should contain the ActiveGate address and port:
The ActiveGate address can be:
- An IP address:
- A host name:
- A fully qualified domain name:
Append the modified template to the
/etc/rsyslog.conf configuration files of all the systems you want to receive logs from. Authentication is based on the API token.
After the daemon is restarted, log files should be visible in the Log Viewer.
For API import
Include the following token in POST messages sent over HTTP to endpoint
ActiveGateAddress reflects the dedicated Log Analytics ActiveGate and port: