syslog-ng

Onboarding allows you to collect metrics about the host, display the host on the Topology page, and to tap into the log flow.

Onboarding requires you to modify the host and the configuration of the logging agent running on the host.

  • Level 1: Install Axolet on the host. Axolet collects metrics from the host and sends them to the Axoflow Console, so you can check host-level metrics on the Metrics & Health page of the host, and displays the host on the Topology page.
  • Level 2: Instrument the configuration of the logging agent to provide detailed metrics about the traffic flow. This allows you to display data about the host on the Analytics page.
  • Level 3: Instrument the configuration of the logging agent to allow you to access the logs of the logging agent and to tap into the log flow from the Axoflow Console. The exact steps for this integration step depend on the configuration of your logging agent. Contact us so our professional services can help you with the integration.

To onboard an existing syslog-ng instance into Axoflow, complete the following steps.

  1. Install Axolet on the host, then approve its registration on the Provisioning page of the Axoflow Console.

  2. The syslog-ng host is now visible on the Topology page of the Axoflow Console as a source.

  3. If you've already added the AxoRouter instance or the destination where this host is sending data to the Axoflow Console, add a path to connect the host to the AxoRouter or the destination.
    1. Select Topology > + Path.

      Add a new path

    2. Select your data source in the Source host field.

      Configure path

    3. Select the target router or aggregator this source is sending its data to in the Target host field, for example, axorouter.

    4. Select the Target connector. The connector determines how the destination receives the data (for example, using which protocol or port).

    5. Select Create. The new path appears on the Topology page.

      The new path

  4. Access the syslog-ng host and edit the configuration of syslog-ng. Set the statistics-related global options like this (if the options block already exists, add these lines to the bottom of the block):

    options {
        stats-level(2);
        stats-freq(0); # Inhibit statistics output to stdout
    };
    
  5. (Optional) To get detailed metrics and analytics about the traffic that flows through the host, instrument your syslog-ng configuration as follows:

    1. Download the following configuration snippet to the syslog-ng host, for example, as /etc/syslog-ng/conf.d/axoflow-instrumentation.conf.

      
      
    2. Include it in at the top of your configuration file:

      @version: current
      @include "axoflow-instrumentation.conf"
      
    3. Edit every destination statement to include a parser { metrics-output(destination(<custom-ID-for-the-destination>)); }; line, for example:

      destination d_file {
          channel {
              parser { metrics-output(destination(my-file-destination)); };
              destination { file("/dev/null" persist-name("d_s3")); };
              };
          };
      
  6. Reload the configuration of syslog-ng.

    systemctl reload syslog-ng