syslog-ng
Create topic
Click on "Create topic".
Enable syslog protocol ingestion in topic configuration
Click on "Enable syslog" and write down the port number.
Download CA certificates
Download the CA certificates bundle and place it in /etc/syslog-ng/cacert.pem
sudo curl https://curl.se/ca/cacert.pem -o /etc/syslog-ng/cacert.pem
Add Loglark export to syslog-ng configuration
First, locate the configuration directory for syslog-ng. It is typically
/etc/syslog-ng/conf.d/ on Linux systems or /usr/local/etc/syslog-ng/conf.d/ on
FreeBSD. Place the following snippet into a loglark.conf file in that directory.
Replace XXXX with the port number you got earlier.
The example assumes that you have an s_src source defined in your syslog-ng
configuration. If you are not sure which source you have, check for
lines that look like source s_src, source s_all, etc.
# define loglark destination
destination d_loglark {
    network("feeder.loglark.io" port(XXXX)
        transport("tls")
        tls(
            ca-file("/etc/syslog-ng/cacert.pem")
        )
    );
};
# forward logs from source s_src to loglark
log {
    source(s_src);
    destination(d_loglark);
};
Restart syslog-ng
sudo service syslog-ng restart
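A check that can be run on loglark.conf before the restart above, to catch an unreplaced XXXX port, a missing TLS transport, relaxed certificate verification, or a bad ca-file path. This is an added example, not part of the original instructions or of Loglark's tooling; the function name check_loglark_conf and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint loglark.conf before restarting syslog-ng.
# check_loglark_conf and its return codes are names chosen for this example.

check_loglark_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Drop comments so a commented-out option cannot satisfy a check
    # (simplification: assumes no '#' inside quoted strings).
    body=$(sed 's/#.*$//' "$conf")

    # 1. The XXXX placeholder must be replaced by a numeric port.
    #    [^a-z] keeps "transport(" from being read as "port(".
    port=$(printf '%s\n' "$body" |
        sed -nE 's/(^|.*[^a-z])port\(([^)]*)\).*/\2/p' | head -n 1)
    case "$port" in
        ''|*[!0-9]*) echo "port not set: '$port'" >&2; return 3 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 3; }

    # 2. Logs must leave the host over TLS, not cleartext TCP.
    printf '%s\n' "$body" | grep -Fq 'transport("tls")' ||
        { echo 'transport("tls") is missing' >&2; return 4; }

    # 3. Server certificate verification must not be relaxed.
    pv=$(printf '%s\n' "$body" |
        sed -nE 's/.*peer[-_]verify\("?([a-z-]+)"?\).*/\1/p' | head -n 1)
    case "$pv" in
        ''|required-trusted|yes) ;;
        *) echo "peer-verify($pv) weakens verification" >&2; return 5 ;;
    esac

    # 4. ca-file must point at a non-empty PEM bundle.
    ca=$(printf '%s\n' "$body" |
        sed -nE 's/.*ca[-_]file\("([^"]*)"\).*/\1/p' | head -n 1)
    if [ -z "$ca" ] || [ ! -s "$ca" ] ||
        ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "ca-file missing or not a PEM bundle: '$ca'" >&2; return 6
    fi
    return 0
}

# Run only when a path is given, e.g.: sh check.sh /etc/syslog-ng/conf.d/loglark.conf
[ "$#" -eq 0 ] || check_loglark_conf "$1"
```

After a clean result, `sudo syslog-ng --syntax-only` lets syslog-ng itself parse the full configuration before the service is restarted.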