Toto

Fri, 09 Jun 2023 07:37:44 UTC

Hey guys, trying to test OpenObserve to ingest logs using syslog as documented here However, when I log in to my cloud tenant, I don't see the syslog option. Any thoughts? Thanks

Prabhat

Fri, 09 Jun 2023 07:38:15 UTC

syslog is not supported directly in cloud

Prabhat

Fri, 09 Jun 2023 07:38:42 UTC

You must use fluentbit/vector as a local server and then forward using it if you want to use cloud for sending syslog

Prabhat

Fri, 09 Jun 2023 07:38:55 UTC

else you must host opensobserve on your own

Prabhat

Fri, 09 Jun 2023 07:39:16 UTC

the reason for this is that syslog protocol does not support authentication

Prabhat

Fri, 09 Jun 2023 07:39:32 UTC

and we cannot open something on internet that has no authentication

Toto

Fri, 09 Jun 2023 07:41:16 UTC

Thanks

Prabhat

Fri, 09 Jun 2023 07:41:37 UTC

are you planing to send logs directly from network devices?

Prabhat

Fri, 09 Jun 2023 07:41:48 UTC

or from your servers?

Toto

Fri, 09 Jun 2023 07:46:36 UTC

from network devices, opnsense

Prabhat

Fri, 09 Jun 2023 07:49:10 UTC

you should setup a local fluentbit that can act as a syslog server and can forward logs to openObserve cloud

Prabhat

Fri, 09 Jun 2023 07:49:21 UTC

Here are the docs -

Prabhat

Fri, 09 Jun 2023 07:49:38 UTC

Let us know if that helps, we can help you configure it

Prabhat

Fri, 09 Jun 2023 07:50:05 UTC

Your config file would look like

Toto

Fri, 09 Jun 2023 07:50:05 UTC

yup thank you. I got that from your initial reply above

Toto

Fri, 09 Jun 2023 07:50:24 UTC

however I'm working with vector instead of fluent bit .. any preference here?

Prabhat

Fri, 09 Jun 2023 07:50:39 UTC

nah, both are good.

Toto

Fri, 09 Jun 2023 07:54:31 UTC

while configuring vector to receive syslog msgs, it requires configuring a socket. I'm trying to understand what's used for.

Toto

Fri, 09 Jun 2023 07:54:38 UTC

```path = "/path/to/socket"```

Toto

Fri, 09 Jun 2023 07:55:25 UTC

is this socket a temporary file to process the msgs before sending them out ?

Prabhat

Fri, 09 Jun 2023 07:58:16 UTC

path is the unix domain socket that will be used to receive syslog messages

Prabhat

Fri, 09 Jun 2023 07:58:23 UTC

possible values are

Prabhat

Fri, 09 Jun 2023 07:58:45 UTC

```/dev/log or /var/run/syslog.sock```

Prabhat

Fri, 09 Jun 2023 07:59:17 UTC

you need the path parameter only if you are using tcp

Prabhat

Fri, 09 Jun 2023 07:59:31 UTC

if you set the mode to UDP then you don't need it

Prabhat

Fri, 09 Jun 2023 07:59:48 UTC

I suggest you go ahead with mode "udp"

Toto

Fri, 09 Jun 2023 08:01:56 UTC

Ok, will test that, and let u know, thanks

Toto

Fri, 09 Jun 2023 08:46:40 UTC

So I managed to ship the logs. How can I search for all message containing a certain string ?

Prabhat

Fri, 09 Jun 2023 10:55:53 UTC

Check the syntax guide button.

Prabhat

Fri, 09 Jun 2023 10:56:15 UTC

above the query editor

Prabhat

Fri, 09 Jun 2023 10:56:41 UTC

for full text search on a specific field you may need to enable it in the stream details

OpenObserve syslog and forwarding with fluentbit/vector

Toto

Prabhat

Prabhat

Prabhat

Prabhat

Prabhat

Toto

Prabhat

Prabhat

Toto

Prabhat

Prabhat

Prabhat

Prabhat

Toto

Toto

Prabhat

Toto

Toto

Toto

Prabhat

Prabhat

Prabhat

Prabhat

Prabhat

Prabhat

Toto

Toto

Prabhat

Prabhat

Prabhat

OpenObserve

Similar Threads